Vulnerability Details : CVE-2015-7322
Potential exploit
The Secure Meeting (Pulse Collaboration) in Pulse Connect Secure (formerly Juniper Junos Pulse) before 7.1R22.1, 7.4, 8.0 before 8.0R11, and 8.1 before 8.1R3 provides different messages for attempts to join a meeting depending on the status of the meeting, which allows remote attackers to enumerate valid meeting ids via a series of requests.
Vulnerability category: Information leak
Products affected by CVE-2015-7322
- cpe:2.3:a:juniper:pulse_connect_secure:8.1:*:*:*:*:*:*:*
- cpe:2.3:a:juniper:pulse_connect_secure:7.4:*:*:*:*:*:*:*
- cpe:2.3:a:juniper:pulse_connect_secure:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:juniper:pulse_connect_secure:7.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-7322
0.62%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 79 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-7322
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2015-7322
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-7322
-
https://profundis-labs.com/advisories/CVE-2015-7322.txt
Exploit
-
http://www.securitytracker.com/id/1033685
Pulse Connect Secure Discloses Valid Meeting ID Numbers to Remote Users - SecurityTracker
-
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40053
Pulse Security Advisory: SA40053 - 2015-09: Security Advisory: Secure Meeting (Pulse Collaboration) information disclosure vulnerability (CVE-2015-7322)Vendor Advisory
Jump to