Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.PULSE_CONNECT_SECURE-SA-43730.NASL
HistoryMay 18, 2018 - 12:00 a.m.

Pulse Connect Secure Multiple Vulnerabilities (SA43730)

2018-05-1800:00:00
This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
300
JSON

According to its self-reported version, the version of Pulse Connect Secure running on the remote host is affected by multiple vulnerabilities. Refer to the vendor advisory for additional information.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(109919);
  script_version("1.10");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");

  script_cve_id(
    "CVE-2007-5846",
    "CVE-2016-2125",
    "CVE-2016-2126",
    "CVE-2016-10142",
    "CVE-2018-9849"
  );
  script_bugtraq_id(
    26378,
    94988,
    94994,
    95797,
    104160
  );

  script_name(english:"Pulse Connect Secure Multiple Vulnerabilities (SA43730)");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch or upgrade to version 9.0R1.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version, the version of Pulse Connect
Secure running on the remote host is affected by multiple
vulnerabilities. Refer to the vendor advisory for additional
information.");
  # https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43730
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1c6b4e69");
  script_set_attribute(attribute:"solution", value:
"Upgrade to the appropriate version referenced in the advisory.");
  script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-2125");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(399);

  script_set_attribute(attribute:"vuln_publication_date", value:"2007/11/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/04/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/05/18");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:pulsesecure:pulse_connect_secure");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("pulse_connect_secure_detect.nbin");
  script_require_keys("installed_sw/Pulse Connect Secure");

  exit(0);
}

include('http.inc');
include('vcf.inc');
include('vcf_extras.inc');

port = get_http_port(default:443, embedded:TRUE);
app_info = vcf::pulse_connect_secure::get_app_info(app:'Pulse Connect Secure', port:port, full_version:TRUE, webapp:TRUE);

constraints = [
 {'min_version':'8.3.1', 'fixed_version':'8.3.5.63409', 'fixed_display':'8.3R5'},
 {'min_version':'8.2.1', 'fixed_version':'8.2.11.63995', 'fixed_display':'8.2R11'},
 {'min_version':'8.1.1', 'fixed_version':'8.1.14.59737', 'fixed_display':'8.1R14'},
 # Everything else and suggest upgrade to latest
 # '8.1R0' is not a version, but is used as a ceiling
 {'min_version':'0.0', 'fixed_version':'8.1.0', 'fixed_display':'9.0R1'}
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_NOTE);
VendorProductVersionCPE
pulsesecurepulse_connect_securecpe:/a:pulsesecure:pulse_connect_secure

Related

nessus 61
openvas 43
ibm 11
redhat 7
oraclelinux 5
fedora 4
centos 5
altlinux 5
slackware 1
archlinux 1
freebsd 2
ubuntu 2
securityvulns 2
prion 5
redhatcve 2
cve 5
f5 3
ubuntucve 4
checkpoint_security 1
seebug 1
debian 5
debiancve 3
osv 5
veracode 4
ics 1
gentoo 1
amazon 1
samba 2
mageia 2
alpinelinux 2
vmware 2
virtuozzo 1
nessus
nessus
Pulse Policy Secure Multiple Vulnerabilities (SA43730)
2018-05-18 00:00:00
RHEL 6 : Gluster Storage (RHSA-2017:0494)
2017-03-24 00:00:00
Oracle Linux 6 : samba4 (ELSA-2017-0744)
2017-03-30 00:00:00
openvas
openvas
RedHat Update for samba RHSA-2017:0662-01
2017-03-22 00:00:00
Fedora Update for samba FEDORA-2017-d0a537062c
2017-01-10 00:00:00
SUSE: Security Advisory (SUSE-SU-2016:3300-1)
2021-06-09 00:00:00
ibm
ibm
Security Bulletin: Samba vulnerability issue on IBM Storwize V7000 Unified (CVE-2016-2125, CVE-2016-2126)
2018-06-18 00:32:38
Security Bulletin: Vulnerabilities in Samba affect IBM Spectrum Scale SMB protocol access method (CVE-2016-2126, 2016-2125)
2018-08-01 19:05:46
Security Bulletin: Samba vulnerability issue on IBM SONAS (CVE-2016-2125, CVE-2016-2126 )
2018-06-18 00:32:38
redhat
redhat
(RHSA-2017:0662) Moderate: samba security and bug fix update
2017-03-21 06:17:45
(RHSA-2017:0744) Moderate: samba4 security and bug fix update
2017-03-21 06:17:49
(RHSA-2017:0495) Moderate: Red Hat Gluster Storage 3.2.0 samba security, bug fixes and enhancement update
2017-03-23 05:04:49
oraclelinux
oraclelinux
samba security and bug fix update
2017-03-27 00:00:00
samba4 security and bug fix update
2017-03-27 00:00:00
samba security and bug fix update
2017-05-22 00:00:00
fedora
fedora
[SECURITY] Fedora 24 Update: samba-4.4.9-0.fc24
2017-01-09 01:25:50
[SECURITY] Fedora 25 Update: samba-4.5.3-0.fc25
2016-12-22 16:51:05
[SECURITY] Fedora 7 Update: net-snmp-5.4-16.fc7
2007-11-20 17:53:55
centos
centos
samba4 security update
2017-03-24 15:43:22
libsmbclient, samba security update
2017-03-24 15:43:17
ctdb, libsmbclient, libwbclient, samba security update
2017-05-22 16:26:22
altlinux
altlinux
Security fix for the ALT Linux 7 package samba-DC version 4.5.3-alt1.M70P.1
2016-12-19 00:00:00
Security fix for the ALT Linux 8 package samba-DC version 4.5.3-alt1
2016-12-19 00:00:00
Security fix for the ALT Linux 7 package samba version 4.5.3-alt1.M70P.1
2016-12-19 00:00:00
slackware
slackware
[slackware-security] samba
2016-12-28 21:10:14
archlinux
archlinux
[ASA-201612-19] samba: multiple issues
2016-12-22 00:00:00
freebsd
freebsd
samba -- multiple vulnerabilities
2016-12-19 00:00:00
net-snmp -- denial of service via GETBULK request
2007-11-06 00:00:00
ubuntu
ubuntu
Samba vulnerabilities
2016-12-19 00:00:00
Net-SNMP vulnerability
2008-01-09 00:00:00
securityvulns
securityvulns
[ MDKSA-2007:225 ] - Updated net-snmp packages fix remote denial of service vulnerability
2007-11-19 00:00:00
net-snmp DoS
2007-11-19 00:00:00
prion
prion
Design/Logic Flaw
2017-01-14 07:59:00
Design/Logic Flaw
2007-11-06 21:46:00
Authentication flaw
2018-10-31 20:29:00
redhatcve
redhatcve
CVE-2016-10142
2017-01-24 04:47:24
CVE-2016-2126
2019-10-11 15:33:40
cve
cve
CVE-2016-10142
2017-01-14 07:59:00
CVE-2007-5846
2007-11-06 21:46:00
CVE-2018-9849
2018-05-10 14:29:00
f5
f5
K57211290 : IPv6 fragmentation vulnerability CVE-2016-10142
2017-07-12 00:00:00
K33151296 : SNMP vulnerability CVE-2007-5846
2017-07-21 00:00:00
K03644631 : Samba vulnerability CVE-2016-2126
2017-04-11 00:00:00
ubuntucve
ubuntucve
CVE-2016-10142
2017-01-14 00:00:00
CVE-2007-5846
2007-11-06 00:00:00
CVE-2016-2125
2016-12-19 00:00:00
checkpoint_security
checkpoint_security
Check Point response to NET-SNMP vulnerability CVE-2007-5846
2007-12-12 22:00:00
seebug
seebug
Net-SNMP GETBULKθΏœη¨‹ζ‹’η»ζœεŠ‘ζΌζ΄ž
2007-11-09 00:00:00
debian
debian
[SECURITY] [DSA 1483-1] New net-snmp packages fix denial of service vulnerability
2008-02-06 19:14:22
[SECURITY] [DSA 1483-1] New net-snmp packages fix denial of service vulnerability
2008-02-06 19:14:22
[SECURITY] [DSA 3740-1] samba security update
2016-12-19 10:16:48
debiancve
debiancve
CVE-2007-5846
2007-11-06 21:46:00
CVE-2016-2125
2018-10-31 20:29:00
CVE-2016-2126
2017-05-11 14:29:00
osv
osv
net-snmp - denial of service
2008-02-06 00:00:00
samba - security update
2016-12-19 00:00:00
CVE-2016-2125
2018-10-31 20:29:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:51:57
Denial Of Service (DoS)
2020-04-10 00:22:44
Spoofing And Impersonation
2019-01-15 09:16:14
ics
ics
Siemens SCALANCE X200 IRT
2023-02-16 12:00:00
gentoo
gentoo
Net-SNMP: Denial of service
2007-11-20 00:00:00
amazon
amazon
Important: samba
2017-05-30 23:54:00
samba
samba
Unconditional privilege delegation to Kerberos servers in trusted realms
2016-12-19 00:00:00
Flaws in Kerberos PAC validation can trigger privilege elevation.
2016-12-19 00:00:00
mageia
mageia
Updated samba packages fix security vulnerability
2016-12-30 18:00:01
Updated samba packages fix security vulnerability
2017-05-25 17:37:42
alpinelinux
alpinelinux
CVE-2016-2125
2018-10-31 20:29:00
CVE-2016-2126
2017-05-11 14:29:00
vmware
vmware
Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus
2008-04-15 00:00:00
Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus
2008-04-15 00:00:00
virtuozzo
virtuozzo
Kernel security update: new kernel 2.6.32-042stab123.1, Virtuozzo 6.0 Update 12 Hotfix 7 (6.0.12-)
2017-03-30 00:00:00
JSON
Related for PULSE_CONNECT_SECURE-SA-43730.NASL
nessus61openvas43ibm11redhat7oraclelinux5fedora4centos5altlinux5slackware1archlinux1freebsd2ubuntu2securityvulns2prion5redhatcve2cve5f53ubuntucve4checkpoint_security1seebug1debian5debiancve3osv5veracode4ics1gentoo1amazon1samba2mageia2alpinelinux2vmware2virtuozzo1