How severe is CVE-2018-7572?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.8 out of 10.

What type of vulnerability is CVE-2018-7572?

This is classified as CWE-287, which is a common weakness in software security.

CVE-2018-7572

MEDIUM Year: 2018

CVSS v3 Score

6.8

Medium

CVSS v2 Score

7.2

High

Weakness Type

CWE-287

View all →

Vulnerability Description

Pulse Secure Client 9.0R1 and 5.3RX before 5.3R5, when configured to authenticate VPN users during Windows Logon, can allow attackers to bypass Windows authentication and execute commands on the system with the privileges of Pulse Secure Client. The attacker must interrupt the client's network connectivity, and trigger a connection to a crafted proxy server with an invalid SSL certificate that allows certification-manager access, leading to the ability to browse local files and execute local programs.

CVE-2014-2005

MEDIUM

CVSS:6.8(Medium)

Sophos Disk Encryption (SDE) 5.x in Sophos Enterprise Console (SEC) 5.x before 5.2.2 does not enforce intended authentication requirements for a resume action from sleep mode, which allows physically ...

CWE-2872014

CVE-2016-4484

MEDIUM

CVSS:6.8(Medium)

The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximate attackers to gain shell access via many log in attempts with an invalid password.

CWE-2872016

CVE-2017-10709

MEDIUM

CVSS:6.8(Medium)

The lockscreen on Elephone P9000 devices (running Android 6.0) allows physically proximate attackers to bypass a wrong-PIN lockout feature by pressing backspace after each PIN guess.

CWE-2872017

CVE-2017-12610

MEDIUM

CVSS:6.8(Medium)

In Apache Kafka 0.10.0.0 to 0.10.2.1 and 0.11.0.0 to 0.11.0.1, authenticated Kafka clients may use impersonation via a manually crafted protocol message with SASL/PLAIN or SASL/SCRAM authentication wh...

CWE-2872017

CVE-2017-15351

MEDIUM

CVSS:6.8(Medium)

The 'Find Phone' function in Huawei Honor V9 play smart phones with versions earlier than Jimmy-AL00AC00B135 has an authentication bypass vulnerability. Due to improper authentication realization in t...

CWE-2872017

CVE-2017-16242

MEDIUM

CVSS:6.8(Medium)

An issue was discovered on MECO USB Memory Stick with Fingerprint MECOZiolsamDE601 devices. The fingerprint authentication requirement for data access can be bypassed. An attacker with physical access...

CWE-2872017

CVE-2018-7572

Vulnerability Description

Related Vulnerabilities

CVE-2014-2005

CVE-2016-4484

CVE-2017-10709

CVE-2017-12610

CVE-2017-15351

CVE-2017-16242