SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Encryption/VPN)  >   Pulse Connect Secure (formerly Juniper Pulse Secure) Vendors:   Juniper, Pulse Secure
Pulse Connect Secure Access Control Flaw in Secure Meeting Component Lets Remote Authenticated Users Join Meetings on the Target System
SecurityTracker Alert ID:  1033684
SecurityTracker URL:  http://securitytracker.com/id/1033684
CVE Reference:   CVE-2015-7323   (Links to External Site)
Date:  Sep 30 2015
Impact:   User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to versions 7.1R22.1, 7.4, 8.0R11, 8.1R3
Description:   A vulnerability was reported in Pulse Connect Secure. A remote authenticated user can gain access to meetings that they are not authorized to join.

A remote authenticated user can use the Java client to exploit an access control flaw in the Secure Meeting component to login to meetings that they are not authorized to join.

Systems with Secure Meeting disabled are not affected.

The original advisory is available at:

https://profundis-labs.com/advisories/CVE-2015-7323.txt

Philipp Rocholl of Profundis Labs reported this vulnerability.

Impact:   A remote authenticated user can gain access to meetings that they are not authorized to join.
Solution:   The vendor has issued a fix (7.1R22.1, 7.4, 8.0R11, 8.1R3).

The vendor's advisory is available at:

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40054

Vendor URL:  kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40054 (Links to External Site)
Cause:   Access control error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC