Sign-up

ID

VAR-201510-0225


CVE

CVE-2015-7323


TITLE

Pulse Connect Secure of Secure Meeting Vulnerable to access restrictions

Trust: 0.8

sources: JVNDB: JVNDB-2015-005090

DESCRIPTION

The Secure Meeting (Pulse Collaboration) in Pulse Connect Secure (formerly Juniper Junos Pulse) before 7.1R22.1, 7.4, 8.0 before 8.0R11, and 8.1 before 8.1R3 allows remote authenticated users to bypass intended access restrictions and log into arbitrary meetings by leveraging a meeting id and meetingAppSun.jar. Pulse Connect Secure is prone to an authorization-bypass vulnerability. Attackers can exploit this issue to gain unauthorized access and obtain sensitive information. This may aid in further attacks. Pulse Connect Secure (also known as PCS, formerly known as Juniper Junos Pulse) is a set of SSL VPN solutions of American Pulse Secure company

Trust: 2.07

sources: NVD: CVE-2015-7323 // JVNDB: JVNDB-2015-005090 // BID: 76857 // VULHUB: VHN-85284 // VULMON: CVE-2015-7323

AFFECTED PRODUCTS

vendor:junipermodel:pulse connect securescope:eqversion:7.4

Trust: 2.4

vendor:junipermodel:pulse connect securescope:eqversion:8.0

Trust: 1.6

vendor:junipermodel:pulse connect securescope:eqversion:7.1

Trust: 1.6

vendor:junipermodel:pulse connect securescope:eqversion:8.1

Trust: 1.6

vendor:junipermodel:pulse connect securescope:eqversion:8.1r3

Trust: 0.8

vendor:junipermodel:pulse connect securescope:ltversion:8.1

Trust: 0.8

vendor:junipermodel:pulse connect securescope:eqversion:8.0r11

Trust: 0.8

vendor:junipermodel:pulse connect securescope:ltversion:8.0

Trust: 0.8

vendor:pulsemodel:secure pulse connect securescope:eqversion:0

Trust: 0.3

vendor:pulsemodel:secure junos pulse secure meetingscope:eqversion:8.0.5

Trust: 0.3

vendor:pulsemodel:secure pulse connect secure 8.1r3scope:neversion: -

Trust: 0.3

vendor:pulsemodel:secure pulse connect secure 8.0r11scope:neversion: -

Trust: 0.3

vendor:pulsemodel:secure pulse connect secure etascope:neversion:7.4

Trust: 0.3

vendor:pulsemodel:secure pulse connect secure 7.1r22.1scope:neversion: -

Trust: 0.3

sources: BID: 76857 // JVNDB: JVNDB-2015-005090 // CNNVD: CNNVD-201510-022 // NVD: CVE-2015-7323

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-7323
value: LOW

Trust: 1.0

NVD: CVE-2015-7323
value: LOW

Trust: 0.8

CNNVD: CNNVD-201510-022
value: LOW

Trust: 0.6

VULHUB: VHN-85284
value: LOW

Trust: 0.1

VULMON: CVE-2015-7323
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2015-7323
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-85284
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-85284 // VULMON: CVE-2015-7323 // JVNDB: JVNDB-2015-005090 // CNNVD: CNNVD-201510-022 // NVD: CVE-2015-7323

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-85284 // JVNDB: JVNDB-2015-005090 // NVD: CVE-2015-7323

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201510-022

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201510-022

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-005090

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-85284

PATCH
title:SA40054url:https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40054
Trust: 0.8
title:Pulse Secure Pulse Connect Secure Fixes for permission permissions and access control vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57882
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2015-005090 // 
            
            
            
            CNNVD: CNNVD-201510-022

EXTERNAL IDS
db:NVDid:CVE-2015-7323
Trust: 2.9
db:PULSESECUREid:SA40054
Trust: 2.1
db:PACKETSTORMid:133711
Trust: 1.8
db:SECTRACKid:1033684
Trust: 1.2
db:JVNDBid:JVNDB-2015-005090
Trust: 0.8
db:CNNVDid:CNNVD-201510-022
Trust: 0.7
db:BIDid:76857
Trust: 0.5
db:VULHUBid:VHN-85284
Trust: 0.1
db:VULMONid:CVE-2015-7323
Trust: 0.1
sources:
            
            
            VULHUB: VHN-85284 // 
            
            
            
            VULMON: CVE-2015-7323 // 
            
            
            
            BID: 76857 // 
            
            
            
            JVNDB: JVNDB-2015-005090 // 
            
            
            
            CNNVD: CNNVD-201510-022 // 
            
            
            
            NVD: CVE-2015-7323

REFERENCES
url:http://seclists.org/fulldisclosure/2015/sep/98
Trust: 2.6
url:https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40054
Trust: 2.1
url:https://packetstormsecurity.com/files/133711/junos-pulse-secure-meeting-8.0.5-access-bypass.html
Trust: 1.9
url:https://profundis-labs.com/advisories/cve-2015-7323.txt
Trust: 1.8
url:http://www.securitytracker.com/id/1033684
Trust: 1.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7323
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7323
Trust: 0.8
url:https://my.pulsesecure.net/
Trust: 0.3
url:https://www.profundis-labs.com/advisories/cve-2015-7323.txt
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/264.html
Trust: 0.1
url:https://www.securityfocus.com/bid/76857
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-85284 // 
            
            
            
            VULMON: CVE-2015-7323 // 
            
            
            
            BID: 76857 // 
            
            
            
            JVNDB: JVNDB-2015-005090 // 
            
            
            
            CNNVD: CNNVD-201510-022 // 
            
            
            
            NVD: CVE-2015-7323

CREDITS
Philipp Rocholl of Profundis Labs
Trust: 0.3
sources:
            
            
            BID: 76857

SOURCES
db:VULHUBid:VHN-85284
db:VULMONid:CVE-2015-7323
db:BIDid:76857
db:JVNDBid:JVNDB-2015-005090
db:CNNVDid:CNNVD-201510-022
db:NVDid:CVE-2015-7323

LAST UPDATE DATE
2025-04-13T23:31:33.483000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-85284date:2016-12-08T00:00:00
db:VULMONid:CVE-2015-7323date:2016-12-08T00:00:00
db:BIDid:76857date:2015-09-25T00:00:00
db:JVNDBid:JVNDB-2015-005090date:2015-10-07T00:00:00
db:CNNVDid:CNNVD-201510-022date:2015-10-09T00:00:00
db:NVDid:CVE-2015-7323date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-85284date:2015-10-05T00:00:00
db:VULMONid:CVE-2015-7323date:2015-10-05T00:00:00
db:BIDid:76857date:2015-09-25T00:00:00
db:JVNDBid:JVNDB-2015-005090date:2015-10-07T00:00:00
db:CNNVDid:CNNVD-201510-022date:2015-10-09T00:00:00
db:NVDid:CVE-2015-7323date:2015-10-05T15:59:01.860