CVE-2015-7323
Junos Pulse Secure Meeting 8.0.5 Access Bypass
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
3Exploited in Wild
-Decision
Descriptions
The Secure Meeting (Pulse Collaboration) in Pulse Connect Secure (formerly Juniper Junos Pulse) before 7.1R22.1, 7.4, 8.0 before 8.0R11, and 8.1 before 8.1R3 allows remote authenticated users to bypass intended access restrictions and log into arbitrary meetings by leveraging a meeting id and meetingAppSun.jar.
El Secure Meeting (Pulse Collaboration) en Pulse Connect Secure (anteriormente Juniper Junos Pulse) en versiones anteriores a 7.1R22.1, 7.4, 8.0 en versiones anteriores a 8.0R11 y 8.1 en versiones anteriores a 8.1R3 permite a usuarios remotos autenticados eludir las restricciones destinadas al acceso y conectarse a reuniones arbitrarias mediante aprovechamiento de un id de reuniĆ³n y meetingAppSun.jar.
Junos Pulse Secure Meeting version 8.0.5 allows an attacker to enter "secure" meetings without knowledge of the password and the invitation link using the java fat client (meetingAppSun.jar).
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-09-22 CVE Reserved
- 2015-09-25 CVE Published
- 2023-04-19 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://www.securitytracker.com/id/1033684 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40054 | 2016-12-08 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Juniper Search vendor "Juniper" | Pulse Connect Secure Search vendor "Juniper" for product "Pulse Connect Secure" | 7.1 Search vendor "Juniper" for product "Pulse Connect Secure" and version "7.1" | - |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Pulse Connect Secure Search vendor "Juniper" for product "Pulse Connect Secure" | 7.4 Search vendor "Juniper" for product "Pulse Connect Secure" and version "7.4" | - |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Pulse Connect Secure Search vendor "Juniper" for product "Pulse Connect Secure" | 8.0 Search vendor "Juniper" for product "Pulse Connect Secure" and version "8.0" | - |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Pulse Connect Secure Search vendor "Juniper" for product "Pulse Connect Secure" | 8.1 Search vendor "Juniper" for product "Pulse Connect Secure" and version "8.1" | - |
Affected
| ||||||