CVE-2015-7323

The Secure Meeting (Pulse Collaboration) in Pulse Connect Secure (formerly Juniper Junos Pulse) before 7.1R22.1, 7.4, 8.0 before 8.0R11, and 8.1 before 8.1R3 allows remote authenticated users to bypass intended access restrictions and log into arbitrary meetings by leveraging a meeting id and meetingAppSun.jar.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:juniper:pulse_connect_secure:7.1:*:*:*:*:*:*:*
cpe:2.3:a:juniper:pulse_connect_secure:7.4:*:*:*:*:*:*:*
cpe:2.3:a:juniper:pulse_connect_secure:8.0:*:*:*:*:*:*:*
cpe:2.3:a:juniper:pulse_connect_secure:8.1:*:*:*:*:*:*:*

History

21 Nov 2024, 02:36

Type Values Removed Values Added
References () http://seclists.org/fulldisclosure/2015/Sep/98 - Exploit () http://seclists.org/fulldisclosure/2015/Sep/98 - Exploit
References () http://www.securitytracker.com/id/1033684 - () http://www.securitytracker.com/id/1033684 -
References () https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40054 - Vendor Advisory () https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40054 - Vendor Advisory
References () https://packetstormsecurity.com/files/133711/Junos-Pulse-Secure-Meeting-8.0.5-Access-Bypass.html - Exploit () https://packetstormsecurity.com/files/133711/Junos-Pulse-Secure-Meeting-8.0.5-Access-Bypass.html - Exploit
References () https://profundis-labs.com/advisories/CVE-2015-7323.txt - Exploit () https://profundis-labs.com/advisories/CVE-2015-7323.txt - Exploit

Information

Published : 2015-10-05 15:59

Updated : 2024-11-21 02:36


NVD link : CVE-2015-7323

Mitre link : CVE-2015-7323

CVE.ORG link : CVE-2015-7323


JSON object : View

Products Affected

juniper

  • pulse_connect_secure
CWE
CWE-264

Permissions, Privileges, and Access Controls