Vulnerability CVE-2015-7323


Published: 2015-10-05

Description:
The Secure Meeting (Pulse Collaboration) in Pulse Connect Secure (formerly Juniper Junos Pulse) before 7.1R22.1, 7.4, 8.0 before 8.0R11, and 8.1 before 8.1R3 allows remote authenticated users to bypass intended access restrictions and log into arbitrary meetings by leveraging a meeting id and meetingAppSun.jar.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
Junos Pulse Secure Meeting 8.0.5 Access Bypass
Profundis
26.09.2015

CVSS2 => (AV:N/AC:M/Au:S/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
3.5/10
2.9/10
6.8/10
Exploit range
Attack complexity
Authentication
Remote
Medium
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
Juniper -> Pulse connect secure 

 References:
http://seclists.org/fulldisclosure/2015/Sep/98
http://www.securitytracker.com/id/1033684
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40054
https://packetstormsecurity.com/files/133711/Junos-Pulse-Secure-Meeting-8.0.5-Access-Bypass.html
https://profundis-labs.com/advisories/CVE-2015-7323.txt

Copyright 2021, cxsecurity.com

 

Back to Top