Input validation error in Ivanti Connect Secure (formerly Pulse Connect Secure) - CVE-2016-4791

 


Published: May 26, 2016 / Updated: August 9, 2020


Vulnerability identifier: #VU40258
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2016-4791
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Ivanti
Affected software:
Ivanti Connect Secure (formerly Pulse Connect Secure)

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote administrators to enumerate files, read arbitrary files, and conduct server-side request forgery (SSRF) attacks via unspecified vectors.


How to mitigate CVE-2016-4791

Install the update from the vendor's website.
