SA40210 - [Pulse Secure] Information disclosure possible on admin UI (CVE-2016-4791)

Product Affected: Pulse Connect Secure

An information disclosure issue was discovered on the Pulse Connect Secure device. This issue exists on the administrative user interface and requires admin-level access. Because admin access is required, the risk of the issue is limited and it may not be a problem for most organizations. This issue was assigned CVE-2016-4791.

When exploited, this issue could allow file discovery and file reading on the device. It could also allow an admin to reach devices and services through the system via server-side request forgery (SSRF).

This issue was responsibly reported to Pulse Secure by a security researcher. 

Pulse Secure is not aware of any public exploitation of this issue. 
This issue is resolved in PCS 8.2r1, 8.1r2, 8.0r9, and 7.4r13.4. 

Software downloads can be located on our support site:
There are no workarounds for this issue. The only way to resolve the issue is to upgrade to a fixed release of software.
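
A triage check of an appliance inventory against the fixed releases listed above, added here as an example (it is not Pulse Secure's code). The version-string format `<major>.<minor>R<release>[.<patch>]`, the function names and the sample inventory are assumptions; branches the advisory does not name are reported as such rather than guessed.

```python
import re

# Fixed releases per branch, taken from the advisory text above.
FIXED = {(8, 2): (1, 0), (8, 1): (2, 0), (8, 0): (9, 0), (7, 4): (13, 4)}

# Assumed version format: <major>.<minor>R<release>[.<patch>], e.g. "7.4R13.4".
_VERSION = re.compile(r"^\s*(\d+)\.(\d+)[rR](\d+)(?:\.(\d+))?\s*$")


def triage(version):
    """Return 'fixed', 'needs-upgrade', 'branch-not-listed' or 'unparsed'."""
    m = _VERSION.match(version)
    if not m:
        return "unparsed"
    major, minor, release = (int(m.group(i)) for i in (1, 2, 3))
    patch = int(m.group(4) or 0)
    fixed_at = FIXED.get((major, minor))
    if fixed_at is None:
        # The advisory names no fixed release for this branch; do not guess.
        return "branch-not-listed"
    return "fixed" if (release, patch) >= fixed_at else "needs-upgrade"


def report(inventory):
    """List (host, version, status) rows; findings needing action sort first."""
    order = {"needs-upgrade": 0, "unparsed": 1, "branch-not-listed": 2, "fixed": 3}
    rows = [(host, ver, triage(ver)) for host, ver in inventory.items()]
    return sorted(rows, key=lambda r: (order[r[2]], r[0]))


# Constructed inventory (hostnames and versions are made up for illustration).
SAMPLE = {
    "vpn-a": "8.1R1",
    "vpn-b": "8.1R2",
    "vpn-c": "7.4R13.3",
    "vpn-d": "7.4R13.4",
    "vpn-e": "8.0R9.1",
    "vpn-f": "7.1R20",
    "vpn-g": "unknown",
}

if __name__ == "__main__":
    for host, ver, status in report(SAMPLE):
        print(f"{host:6} {ver:10} {status}")
```
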
CVSS Score: 7.2 (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
This vulnerability was discovered and responsibly reported to the vendor by Anton Rager from the Product Security Team.
Alert Type: SA - Security Advisory
Risk Level: High