The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Pulse Connect Secure

vulnerability note CVE-2018-5299

Pulse Connect Secure: buffer overflow via Web Server

Synthesis of the vulnerability

An attacker can generate a buffer overflow via Web Server of Pulse Connect Secure, in order to trigger a denial of service, and possibly to run code.
Impacted products: Pulse Connect Secure.
Severity: 3/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: intranet client.
Creation date: 17/01/2018.
Identifiers: CVE-2018-5299, SA43604, VIGILANCE-VUL-25094.

Description of the vulnerability

An attacker can generate a buffer overflow via Web Server of Pulse Connect Secure, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2017-17947

Pulse Connect Secure: Cross Site Scripting via custompage.cgi

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via custompage.cgi of Pulse Connect Secure, in order to run JavaScript code in the context of the web site.
Impacted products: Pulse Connect Secure.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 17/01/2018.
Identifiers: CVE-2017-17947, SA43018, VIGILANCE-VUL-25092.

Description of the vulnerability

The Pulse Connect Secure product offers a web service.

However, it does not filter received data via custompage.cgi before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting via custompage.cgi of Pulse Connect Secure, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2018-0486

XMLTooling-C: privilege escalation via DTD Processing

Synthesis of the vulnerability

An attacker can bypass restrictions via DTD Processing of XMLTooling-C, in order to escalate his privileges.
Impacted products: Debian, openSUSE Leap, Pulse Connect Secure, Shibboleth SP, SUSE Linux Enterprise Desktop, SLES, Unix (platform) ~ not comprehensive.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition.
Provenance: document.
Creation date: 15/01/2018.
Identifiers: CVE-2018-0486, DLA-1242-1, DSA-4085-1, openSUSE-SU-2018:0158-1, openSUSE-SU-2018:0738-1, SA43877, SUSE-SU-2018:0140-1, VIGILANCE-VUL-25037.

Description of the vulnerability

An attacker can bypass restrictions via DTD Processing of XMLTooling-C, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2017-11455

Pulse Connect Secure: Cross Site Request Forgery

Synthesis of the vulnerability

An attacker can trigger a Cross Site Request Forgery of Pulse Connect Secure, in order to force the victim to perform operations.
Impacted products: Pulse Connect Secure.
Severity: 2/4.
Consequences: user access/rights.
Provenance: internet client.
Creation date: 28/08/2017.
Identifiers: CVE-2017-11455, SA40793, VIGILANCE-VUL-23628.

Description of the vulnerability

The Pulse Connect Secure product offers a web service.

However, the origin of queries is not checked. They can for example originate from an image included in an HTML document.

An attacker can therefore trigger a Cross Site Request Forgery of Pulse Connect Secure, in order to force the victim to perform operations.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2017-11193 CVE-2017-11194 CVE-2017-11195

Pulse Connect Secure: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Pulse Connect Secure.
Impacted products: Pulse Connect Secure.
Severity: 2/4.
Consequences: user access/rights, client access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 11/07/2017.
Revision date: 13/07/2017.
Identifiers: CVE-2017-11193, CVE-2017-11194, CVE-2017-11195, CVE-2017-11196, SA40771, VIGILANCE-VUL-23192.

Description of the vulnerability

Several vulnerabilities were announced in Pulse Connect Secure.

An attacker can trigger a Cross Site Scripting, in order to run JavaScript code in the context of the web site. [severity:2/4; CVE-2017-11194, CVE-2017-11195]

An attacker can trigger a Cross Site Request Forgery, in order to force the victim to perform operations. [severity:2/4; CVE-2017-11193, CVE-2017-11196]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2016-10142

IPv6: denial of service via Packet Too Big and Fragmentation

Synthesis of the vulnerability

An attacker can use ICMP Packet Too Big to force the generation of IPv6 fragments, in order to trigger a denial of service.
Impacted products: BIG-IP Hardware, TMOS, Juniper J-Series, Junos OS, SRX-Series, Linux, IP protocol, Pulse Connect Secure, RHEL.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 21/03/2017.
Identifiers: 1415908, CERTFR-2017-AVI-111, CVE-2016-10142, JSA10780, K46535047, K57211290, RHSA-2017:0817-01, SA43730, VIGILANCE-VUL-22208.

Description of the vulnerability

An attacker can use ICMP Packet Too Big to force the generation of IPv6 fragments, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2016-7055 CVE-2017-3730 CVE-2017-3731

OpenSSL: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of OpenSSL.
Impacted products: Blue Coat CAS, ProxyAV, ProxySG par Blue Coat, SGOS by Blue Coat, Brocade vTM, Cisco ASR, Cisco ATA, AsyncOS, Cisco Catalyst, Cisco Content SMA, Cisco ESA, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco Router, Cisco CUCM, Cisco Manager Attendant Console, Cisco Wireless IP Phone, Cisco WSA, Cisco Wireless Controller, Debian, BIG-IP Hardware, TMOS, Fedora, FileZilla Server, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiOS, FreeBSD, hMailServer, AIX, Domino, Notes, IRAD, Rational ClearCase, Security Directory Server, Tivoli Storage Manager, Tivoli Workload Scheduler, WebSphere AS Traditional, WebSphere MQ, Junos OS, Juniper Network Connect, NSM Central Manager, NSMXpress, SRX-Series, MariaDB ~ precise, ePO, Meinberg NTP Server, MySQL Community, MySQL Enterprise, Data ONTAP, Nodejs Core, OpenSSL, openSUSE Leap, Oracle Communications, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle Identity Management, Oracle iPlanet Web Server, Oracle OIT, Solaris, Tuxedo, VirtualBox, WebLogic, Oracle Web Tier, Palo Alto Firewall PA***, PAN-OS, Percona Server, pfSense, Pulse Connect Secure, Pulse Secure Client, RHEL, Slackware, stunnel, SUSE Linux Enterprise Desktop, SLES, Nessus, TrendMicro ServerProtect, Ubuntu, VxWorks, WinSCP.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 4.
Creation date: 26/01/2017.
Identifiers: 1117414, 2000544, 2000988, 2000990, 2002331, 2004036, 2004940, 2009389, 2010154, 2011567, 2012827, 2014202, 2014651, 2014669, 2015080, BSA-2016-204, BSA-2016-207, BSA-2016-211, BSA-2016-212, BSA-2016-213, BSA-2016-216, BSA-2016-234, bulletinapr2017, bulletinjan2018, bulletinoct2017, CERTFR-2017-AVI-035, CERTFR-2018-AVI-343, cisco-sa-20170130-openssl, cpuapr2017, cpuapr2019, cpujan2018, cpujul2017, cpujul2018, cpuoct2017, CVE-2016-7055, CVE-2017-3730, CVE-2017-3731, CVE-2017-3732, DLA-814-1, DSA-3773-1, FEDORA-2017-3451dbec48, FEDORA-2017-e853b4144f, FG-IR-17-019, FreeBSD-SA-17:02.openssl, ibm10732391, ibm10733905, ibm10738249, ibm10738401, JSA10775, K37526132, K43570545, K44512851, K-510805, NTAP-20170127-0001, NTAP-20170310-0002, NTAP-20180201-0001, openSUSE-SU-2017:0481-1, openSUSE-SU-2017:0487-1, openSUSE-SU-2017:0527-1, openSUSE-SU-2017:0941-1, openSUSE-SU-2017:2011-1, openSUSE-SU-2017:2868-1, openSUSE-SU-2018:0458-1, PAN-70674, PAN-73914, PAN-SA-2017-0012, PAN-SA-2017-0014, PAN-SA-2017-0016, RHSA-2017:0286-01, RHSA-2018:2568-01, RHSA-2018:2575-01, SA141, SA40423, SB10188, SSA:2017-041-02, SUSE-SU-2018:0112-1, SUSE-SU-2018:2839-1, SUSE-SU-2018:3082-1, TNS-2017-03, USN-3181-1, VIGILANCE-VUL-21692.

Description of the vulnerability

Several vulnerabilities were announced in OpenSSL.

An attacker can force a read at an invalid address via Truncated Packet, in order to trigger a denial of service, or to obtain sensitive information. [severity:2/4; CVE-2017-3731]

An attacker can force a NULL pointer to be dereferenced via DHE/ECDHE Parameters, in order to trigger a denial of service. [severity:2/4; CVE-2017-3730]

An attacker can use a carry propagation error via BN_mod_exp(), in order to compute the private key. [severity:1/4; CVE-2017-3732]

An error occurs in the Broadwell-specific Montgomery Multiplication Procedure, but with no apparent impact. [severity:1/4; CVE-2016-7055]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2016-2123 CVE-2016-2125

Samba: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Samba.
Impacted products: Debian, Fedora, openSUSE Leap, Pulse Connect Secure, RHEL, Samba, Slackware, Ubuntu.
Severity: 2/4.
Consequences: privileged access/rights, client access/rights, denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 3.
Creation date: 19/12/2016.
Identifiers: CERTFR-2016-AVI-423, CVE-2016-2123, CVE-2016-2125, CVE-2016-2126-REJECTERROR, DLA-776-1, DSA-3740-1, FEDORA-2016-364f61377b, FEDORA-2017-d0a537062c, openSUSE-SU-2017:0020-1, openSUSE-SU-2017:0021-1, RHSA-2017:0662-01, RHSA-2017:0744-01, RHSA-2017:1265-01, SA43730, SSA:2016-363-02, USN-3158-1, VIGILANCE-VUL-21416, ZDI-17-053.

Description of the vulnerability

Several vulnerabilities were announced in Samba.

An attacker can generate an integer overflow via ndr_pull_dnsp_name(), in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-2123, ZDI-17-053]

An attacker can bypass security features via a Kerberos ticket, in order to escalate his privileges. [severity:2/4; CVE-2016-2125]

An attacker can bypass security features via tjhe cryptographic algorithm arcfour-hmac-md5 is used, in order to escalate his privileges. [severity:2/4; CVE-2016-2126-REJECTERROR]
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2016-7053 CVE-2016-7054 CVE-2016-7055

OpenSSL 1.1: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of OpenSSL 1.1.
Impacted products: Cisco ASR, Cisco Aironet, Cisco ATA, Cisco AnyConnect Secure Mobility Client, ASA, AsyncOS, Cisco ESA, IOS by Cisco, IOS XR Cisco, Nexus by Cisco, NX-OS, Cisco Prime LMS, Cisco Router, Secure ACS, Cisco CUCM, Cisco Unified CCX, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP Phone, Cisco Wireless Controller, NetWorker, VNX Operating Environment, VNX Series, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiOS, IRAD, Tivoli Storage Manager, Junos OS, Juniper Network Connect, NSM Central Manager, NSMXpress, SRX-Series, MySQL Community, MySQL Enterprise, Data ONTAP, OpenSSL, openSUSE Leap, Oracle Communications, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle Identity Management, Oracle iPlanet Web Server, Oracle OIT, Solaris, Tuxedo, WebLogic, Oracle Web Tier, Percona Server, pfSense, Pulse Connect Secure, Pulse Secure Client.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 3.
Creation date: 10/11/2016.
Revision date: 13/12/2016.
Identifiers: 2004036, 2004940, 2011567, 492284, 492616, bulletinapr2017, CERTFR-2018-AVI-343, cisco-sa-20161114-openssl, cpuapr2019, cpujan2018, cpujul2017, CVE-2016-7053, CVE-2016-7054, CVE-2016-7055, ESA-2016-148, ESA-2016-149, FG-IR-17-019, JSA10775, NTAP-20170127-0001, NTAP-20170310-0002, NTAP-20180201-0001, openSUSE-SU-2017:0527-1, openSUSE-SU-2017:0941-1, openSUSE-SU-2018:0458-1, SA40423, VIGILANCE-VUL-21093.

Description of the vulnerability

Several vulnerabilities were announced in OpenSSL 1.1.

An attacker can generate a buffer overflow via ChaCha20/Poly1305, in order to trigger a denial of service. [severity:2/4; CVE-2016-7054]

An attacker can force a NULL pointer to be dereferenced via CMS Structures, in order to trigger a denial of service. [severity:2/4; CVE-2016-7053]

An error occurs in the Broadwell-specific Montgomery Multiplication Procedure, but with no apparent impact. [severity:1/4; CVE-2016-7055]
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2016-8610

OpenSSL: denial of service via SSL3_AL_WARNING

Synthesis of the vulnerability

An attacker can send SSL3_AL_WARNING packets to an SSLv3 application linked to OpenSSL, in order to trigger a denial of service.
Impacted products: OpenOffice, Debian, Fedora, FreeBSD, FreeRADIUS, hMailServer, HP Switch, AIX, IRAD, Security Directory Server, Tivoli Storage Manager, Tivoli Workload Scheduler, Juniper ISG, Juniper J-Series, Junos OS, SSG, SRX-Series, Meinberg NTP Server, NetScreen Firewall, ScreenOS, OpenSSL, openSUSE Leap, Oracle DB, Oracle Fusion Middleware, Oracle Identity Management, Solaris, WebLogic, Palo Alto Firewall PA***, PAN-OS, pfSense, Pulse Connect Secure, RHEL, JBoss EAP by Red Hat, Shibboleth SP, Splunk Enterprise, stunnel, SUSE Linux Enterprise Desktop, SLES, Ubuntu, WinSCP.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 24/10/2016.
Identifiers: 1996096, 2000095, 2003480, 2003620, 2003673, 2004940, 2009389, bulletinoct2016, cpujul2019, CVE-2016-8610, DLA-814-1, DSA-3773-1, FEDORA-2017-3451dbec48, FEDORA-2017-e853b4144f, FreeBSD-SA-16:35.openssl, HPESBHF03897, JSA10808, JSA10809, JSA10810, JSA10811, JSA10813, JSA10814, JSA10816, JSA10817, JSA10818, JSA10820, JSA10821, JSA10822, JSA10825, openSUSE-SU-2017:0386-1, openSUSE-SU-2017:0487-1, openSUSE-SU-2018:4104-1, PAN-SA-2017-0017, pfSense-SA-17_03.webgui, RHSA-2017:0286-01, RHSA-2017:0574-01, RHSA-2017:1548-01, RHSA-2017:1549-01, RHSA-2017:1550-01, RHSA-2017:1551-01, RHSA-2017:1552-01, RHSA-2017:1658-01, RHSA-2017:1659-01, RHSA-2017:2493-01, RHSA-2017:2494-01, SA40886, SP-CAAAPUE, SPL-129207, SUSE-SU-2017:0304-1, SUSE-SU-2017:0348-1, SUSE-SU-2018:0112-1, SUSE-SU-2018:3864-1, SUSE-SU-2018:3864-2, SUSE-SU-2018:3964-1, SUSE-SU-2018:3994-1, SUSE-SU-2018:4068-1, SUSE-SU-2018:4274-1, SUSE-SU-2019:1553-1, USN-3181-1, USN-3183-1, USN-3183-2, VIGILANCE-VUL-20941.

Description of the vulnerability

The OpenSSL product implements the SSL version 3 protocol.

The SSL3_AL_WARNING message is used to send an alert of level Warning. However, when these packets are received during the handshake, the library consumes 100% of CPU.

An attacker can therefore send SSL3_AL_WARNING packets to an SSLv3 application linked to OpenSSL, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Pulse Connect Secure: