Vulnerability identifier: #VU31940
Vulnerability risk: Medium
Exploitation vector: Network
Vendor: Pulse Secure
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences in the admin panel. A remote user can send a specially crafted HTTP request and read arbitrary files on the system.
Install update from vendor's website.
Vulnerable software versions
Pulse Connect Secure: 9.1R1 - 9.1R7
Pulse Policy Secure: 9.1R1 - 9.1R7
Fixed software versions
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?