Medium severity6.8NVD Advisory· Published Sep 12, 2018· Updated Jun 17, 2026
CVE-2018-7572
CVE-2018-7572
Description
Pulse Secure Client 9.0R1 and 5.3RX before 5.3R5, when configured to authenticate VPN users during Windows Logon, can allow attackers to bypass Windows authentication and execute commands on the system with the privileges of Pulse Secure Client. The attacker must interrupt the client's network connectivity, and trigger a connection to a crafted proxy server with an invalid SSL certificate that allows certification-manager access, leading to the ability to browse local files and execute local programs.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: 9.0R1, <5.3R5
Patches
Vulnerability mechanics
References
1- www.mdsec.co.uk/2018/09/advisory-cve-2018-7572-pulse-secure-client-authentication-bypass/nvdThird Party Advisory
News mentions
0No linked articles in our index yet.