CVE-2015-7323

2015-10-0515:59:01

CWE-264

[email protected]

web.nvd.nist.gov

security

vulnerability

pulse connect secure

authentication

access restrictions

remote users

cve-2015-7323

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

6.5 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.4%

JSON

The Secure Meeting (Pulse Collaboration) in Pulse Connect Secure (formerly Juniper Junos Pulse) before 7.1R22.1, 7.4, 8.0 before 8.0R11, and 8.1 before 8.1R3 allows remote authenticated users to bypass intended access restrictions and log into arbitrary meetings by leveraging a meeting id and meetingAppSun.jar.

Affected configurations

NVD

Node

juniperpulse_connect_secureMatch7.1

juniperpulse_connect_secureMatch7.4

juniperpulse_connect_secureMatch8.0

juniperpulse_connect_secureMatch8.1

CPENameOperatorVersion
juniper:pulse_connect_securejuniper pulse connect secureeq7.1
juniper:pulse_connect_securejuniper pulse connect secureeq7.4
juniper:pulse_connect_securejuniper pulse connect secureeq8.0
juniper:pulse_connect_securejuniper pulse connect secureeq8.1

CPE	Name	Operator	Version
juniper:pulse_connect_secure	juniper pulse connect secure	eq	7.1
juniper:pulse_connect_secure	juniper pulse connect secure	eq	7.4
juniper:pulse_connect_secure	juniper pulse connect secure	eq	8.0
juniper:pulse_connect_secure	juniper pulse connect secure	eq	8.1