Reset Search



SA40207 - [Pulse Secure] File content disclosure issue (CVE-2016-4787)

« Go Back


Product AffectedPulse Connect Secure

An issue was discovered with the Pulse Connect Secure device that could allow an attacker to print out contents from files from a limited and specific directory on the device. When exploited, the files that are accessible (read-only) are related to an authentication, and are system related, but they do not contain configuration or private user data.

This issue takes place on a resource that does not require user authentication.

A byproduct of this issue is that when exploited it will create temporary files that are not cleaned up. If the exploit was run enough times it could eventually fill up the file system where the files exist.  

This issue was assigned: CVE-2016-4787

This issue was responsibly reported to Pulse Secure by a security researcher. 

Pulse Secure is not aware of any public exploitation of this issue. 

This issue is resolved in PCS 8.2r1, 8.1r2, 8.0r10, and 7.4r13.4. 

Software downloads can be located on our support site:
There are no work arounds for this issue. The only way to resolve the issue is to upgrade to a fixed release of software.
Related Links
CVSS Score7.2 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L
Risk Assessment
This vulnerability was discovered and responsibly reported to Pulse Secure by Travis Emmert from the Product Security Team.
Alert TypeSA - Security Advisory
Risk LevelHigh
Attachment 1 
Attachment 2 
Legacy ID



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255