Main Vulnerability Database Vulnerabilities #VU40261

#VU40261 Input validation error in Ivanti Connect Secure (formerly Pulse Connect Secure) - CVE-2016-4788

Published: May 26, 2016 / Updated: August 9, 2020

Vulnerability identifier: #VU40261

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2016-4788

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Ivanti Connect Secure (formerly Pulse Connect Secure)

Software vendor:
Ivanti

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read an unspecified system file via unknown vectors.

Remediation

Install update from vendor's website.

External links

http://www.securitytracker.com/id/1035932
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40208