Sign-up

ID

VAR-201510-0224


CVE

CVE-2015-7322


TITLE

Pulse Connect Secure of Secure Meeting Active meetings in ID Enumerated vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-005091

DESCRIPTION

The Secure Meeting (Pulse Collaboration) in Pulse Connect Secure (formerly Juniper Junos Pulse) before 7.1R22.1, 7.4, 8.0 before 8.0R11, and 8.1 before 8.1R3 provides different messages for attempts to join a meeting depending on the status of the meeting, which allows remote attackers to enumerate valid meeting ids via a series of requests. Pulse Connect Secure (also known as PCS, formerly known as Juniper Junos Pulse) is a set of SSL VPN solutions of American Pulse Secure company. The following versions are affected: Pulse Secure Pulse Connect Secure Version 7.1, Version 7.4, Version 8.0, Version 8.1

Trust: 1.71

sources: NVD: CVE-2015-7322 // JVNDB: JVNDB-2015-005091 // VULHUB: VHN-85283

AFFECTED PRODUCTS

vendor:junipermodel:pulse connect securescope:eqversion:7.4

Trust: 2.4

vendor:junipermodel:pulse connect securescope:eqversion:8.0

Trust: 1.6

vendor:junipermodel:pulse connect securescope:eqversion:7.1

Trust: 1.6

vendor:junipermodel:pulse connect securescope:eqversion:8.1

Trust: 1.6

vendor:junipermodel:pulse connect securescope:eqversion:8.1r3

Trust: 0.8

vendor:junipermodel:pulse connect securescope:ltversion:8.1

Trust: 0.8

vendor:junipermodel:pulse connect securescope:eqversion:8.0r11

Trust: 0.8

vendor:junipermodel:pulse connect securescope:ltversion:8.0

Trust: 0.8

sources: JVNDB: JVNDB-2015-005091 // CNNVD: CNNVD-201510-021 // NVD: CVE-2015-7322

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-7322
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-7322
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201510-021
value: MEDIUM

Trust: 0.6

VULHUB: VHN-85283
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-7322
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-85283
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-85283 // JVNDB: JVNDB-2015-005091 // CNNVD: CNNVD-201510-021 // NVD: CVE-2015-7322

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-85283 // JVNDB: JVNDB-2015-005091 // NVD: CVE-2015-7322

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201510-021

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201510-021

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-005091

PATCH
title:SA40053url:https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40053
Trust: 0.8
title:Pulse Secure Pulse Connect Secure Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57881
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2015-005091 // 
            
            
            
            CNNVD: CNNVD-201510-021

EXTERNAL IDS
db:NVDid:CVE-2015-7322
Trust: 2.5
db:PULSESECUREid:SA40053
Trust: 1.7
db:SECTRACKid:1033685
Trust: 1.1
db:JVNDBid:JVNDB-2015-005091
Trust: 0.8
db:CNNVDid:CNNVD-201510-021
Trust: 0.7
db:VULHUBid:VHN-85283
Trust: 0.1
sources:
            
            
            VULHUB: VHN-85283 // 
            
            
            
            JVNDB: JVNDB-2015-005091 // 
            
            
            
            CNNVD: CNNVD-201510-021 // 
            
            
            
            NVD: CVE-2015-7322

REFERENCES
url:https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40053
Trust: 1.7
url:https://profundis-labs.com/advisories/cve-2015-7322.txt
Trust: 1.7
url:http://www.securitytracker.com/id/1033685
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7322
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7322
Trust: 0.8
sources:
            
            
            VULHUB: VHN-85283 // 
            
            
            
            JVNDB: JVNDB-2015-005091 // 
            
            
            
            CNNVD: CNNVD-201510-021 // 
            
            
            
            NVD: CVE-2015-7322

SOURCES
db:VULHUBid:VHN-85283
db:JVNDBid:JVNDB-2015-005091
db:CNNVDid:CNNVD-201510-021
db:NVDid:CVE-2015-7322

LAST UPDATE DATE
2025-04-13T23:34:03.280000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-85283date:2016-12-08T00:00:00
db:JVNDBid:JVNDB-2015-005091date:2015-10-07T00:00:00
db:CNNVDid:CNNVD-201510-021date:2015-10-09T00:00:00
db:NVDid:CVE-2015-7322date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-85283date:2015-10-05T00:00:00
db:JVNDBid:JVNDB-2015-005091date:2015-10-07T00:00:00
db:CNNVDid:CNNVD-201510-021date:2015-10-09T00:00:00
db:NVDid:CVE-2015-7322date:2015-10-05T15:59:00.097