Reset Search
 

 
Article

SA40206 - [Pulse Secure] Denial of service issue possible (CVE-2016-4786)

Printable View
« Go Back

Information

 
Product AffectedPulse Connect Secure
Problem
An issue was discovered in the Pulse Connect Secure device that would allow an attacker to impact CPU performance. This issue exists on non-authenticated resources. This issue was assigned CVE-2016-4786.

This issue was responsibly reported to Pulse Secure by a security researcher. 

Pulse Secure is not aware of any public exploitation of this issue. 
Solution
This issue has been resolved in PCS 8.2R1, 8.1R3, 8.0r11, and 7.4R13.4.

Software downloads can be located on our support site: https://my.pulsesecure.net
Workaround
There is no work around for this issue. The only way to resolve the issue is to upgrade to a fixed release of software. 
Implementation
Related Links
CVSS Score7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Risk Assessment
Acknowledgements
This vulnerability was discovered and responsibly reported to Pulse Secure by Travis Emmert from the Salesforce.com Product Security Team.
Alert TypeSA - Security Advisory
Risk LevelHigh
Attachment 1 
Attachment 2 
Legacy ID

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255