CVE-2016-4788
https://notcve.org/view.php?id=CVE-2016-4788
Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read an unspecified system file via unknown vectors.
• http://www.securitytracker.com/id/1035932
• https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40208
CVE-2016-3985
https://notcve.org/view.php?id=CVE-2016-3985
The Terminal Services Remote Desktop Protocol (RDP) client session restrictions feature in Pulse Connect Secure (aka PCS) 8.1R7 and 8.2R1 allows remote authenticated users to bypass intended access restrictions via unspecified vectors.
• http://www.securitytracker.com/id/1035129
• https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40166
• CWE-284: Improper Access Control
CVE-2015-7322
https://notcve.org/view.php?id=CVE-2015-7322
The Secure Meeting (Pulse Collaboration) in Pulse Connect Secure (formerly Juniper Junos Pulse) before 7.1R22.1, 7.4, 8.0 before 8.0R11, and 8.1 before 8.1R3 provides different messages for attempts to join a meeting depending on the status of the meeting, which allows remote attackers to enumerate valid meeting ids via a series of requests.
• http://www.securitytracker.com/id/1033685
• https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40053
• https://profundis-labs.com/advisories/CVE-2015-7322.txt
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-7323 – Junos Pulse Secure Meeting 8.0.5 Access Bypass
https://notcve.org/view.php?id=CVE-2015-7323
The Secure Meeting (Pulse Collaboration) in Pulse Connect Secure (formerly Juniper Junos Pulse) before 7.1R22.1, 7.4, 8.0 before 8.0R11, and 8.1 before 8.1R3 allows remote authenticated users to bypass intended access restrictions and log into arbitrary meetings by leveraging a meeting id and meetingAppSun.jar.
Junos Pulse Secure Meeting version 8.0.5 allows an attacker to enter "secure" meetings without knowledge of the password and the invitation link using the Java fat client (meetingAppSun.jar).
• http://seclists.org/fulldisclosure/2015/Sep/98
• http://www.securitytracker.com/id/1033684
• https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40054
• https://packetstormsecurity.com/files/133711/Junos-Pulse-Secure-Meeting-8.0.5-Access-Bypass.html
• https://profundis-labs.com/advisories/CVE-2015-7323.txt
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2015-5369
https://notcve.org/view.php?id=CVE-2015-5369
Pulse Connect Secure (aka PCS and formerly Juniper PCS) PSC6000, PCS6500, and MAG PSC360 8.1 before 8.1r5, 8.0 before 8.0r13, 7.4 before 7.4r13.5, and 7.1 before 7.1r22.2 and PPS 5.1 before 5.1R5 and 5.0 before 5.0R13, when Hardware Acceleration is enabled, does not properly validate the Finished TLS handshake message, which makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted Finished message.
• http://kb.juniper.net/InfoCenter/index?page=content&id=TSB16756
• http://www.securitytracker.com/id/1033166
• https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40004
• https://vivaldi.net/en-US/blogs/entry/the-poodle-has-friends
• CWE-17: DEPRECATED: Code
• CWE-20: Improper Input Validation