RSS   Vulnerabilities for 'Pulse secure desktop'   RSS

2018-09-12
 
CVE-2018-7572

CWE-287
 

 
Pulse Secure Client 9.0R1 and 5.3RX before 5.3R5, when configured to authenticate VPN users during Windows Logon, can allow attackers to bypass Windows authentication and execute commands on the system with the privileges of Pulse Secure Client. The attacker must interrupt the client's network connectivity, and trigger a connection to a crafted proxy server with an invalid SSL certificate that allows certification-manager access, leading to the ability to browse local files and execute local programs.

 
2016-08-02
 
CVE-2016-2408

 

 
An unspecified client-side component in Pulse Secure Desktop Client before 5.0r15.1, 5.1rX before 5.1r9.1, and 5.2rX before 5.2r4.1; Installer Service (formerly Juniper Installer Service) and Collaboration (formerly Secure Meeting) before 8.0r15.1, 8.1rX before 8.1r9.1, and 8.2rX before 8.2r4.1; and Odyssey Access Client before 5.6r18 on Windows allows local users to gain administrative privileges via unknown vectors.

 

 >>> Vendor: Pulsesecure 15 Products
Client
Odyssey access client
Pulse connect secure
Steel belted radius
Pulse secure desktop
Pulse secure security
Standalone pulse installer service
Virtual traffic manager
Pulse policy secure
Pulse one on-premise
Plus secure desktop
Pulse secure desktop client
Secure access series ssl vpn sa-4000
Pulse secure virtual application delivery controller
Pulse secure installer service


Copyright 2024, cxsecurity.com

 

Back to Top