CVE-2016-4787

Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read sensitive system authentication files in an unspecified directory via unknown vectors.

CVSS v3 10.0 CRITICAL
CVSS v2.0 6.4 MEDIUM

10.0^/10

CVSS v3 : CRITICAL

Vector : AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H

Exploitability : 3.9 / Impact : 5.8

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

6.4^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:P

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://www.securitytracker.com/id/1035932
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40207	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:ivanti:connect_secure:8.0:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:ivanti:connect_secure:8.2:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:a:pulsesecure:pulse_connect_secure:7.4:*:*:*:*:*:*:*

Configuration 4 (hide)

OR	cpe:2.3:a:ivanti:connect_secure:8.1:::::::*
	cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r1.0:::::::*

History

No history.

Information

Published : 2016-05-26 14:59

Updated : 2024-02-27 21:04

NVD link : CVE-2016-4787

Mitre link : CVE-2016-4787

CVE.ORG link : CVE-2016-4787

JSON object : View

Products Affected

ivanti

connect_secure

pulsesecure

pulse_connect_secure

CWE

NVD-CWE-noinfo

{"id": "CVE-2016-4787", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": true, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 10.0, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.8, "exploitabilityScore": 3.9}]}, "published": "2016-05-26T14:59:03.493", "references": [{"url": "http://www.securitytracker.com/id/1035932", "source": "cve@mitre.org"}, {"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40207", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read sensitive system authentication files in an unspecified directory via unknown vectors."}, {"lang": "es", "value": "Pulse Connect Secure (PCS) 8.2 en versiones anteriores a 8.2r1, 8.1 en versiones anteriores a 8.1r2, 8.0 en versiones anteriores a 8.0r10 y 7.4 en versiones anteriores a 7.4r13.4 permite a atacantes remotos leer archivos de autenticaci\u00f3n sensibles del sistema en un directorio no especificado a trav\u00e9s de vectores desconocidos."}], "lastModified": "2024-02-27T21:04:17.560", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ivanti:connect_secure:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52840E34-91BB-4E44-BE85-B50CDE4D2EDD"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ivanti:connect_secure:8.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2BCE3E8-ED64-4CCD-9A3F-3D99476B81E1"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:7.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8A1A7B1C-EF34-4F63-AE11-75DB8DCBF9F1"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ivanti:connect_secure:8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "202E4839-7CE4-49CE-BEE1-CB33A96770E7"}, {"criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E2037BE1-408C-47E8-8A70-8440BF3A1ED6"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}