Vulnerability Details : CVE-2015-7323
The Secure Meeting (Pulse Collaboration) in Pulse Connect Secure (formerly Juniper Junos Pulse) before 7.1R22.1, 7.4, 8.0 before 8.0R11, and 8.1 before 8.1R3 allows remote authenticated users to bypass intended access restrictions and log into arbitrary meetings by leveraging a meeting id and meetingAppSun.jar.
Products affected by CVE-2015-7323
- cpe:2.3:a:juniper:pulse_connect_secure:8.1:*:*:*:*:*:*:*
- cpe:2.3:a:juniper:pulse_connect_secure:7.4:*:*:*:*:*:*:*
- cpe:2.3:a:juniper:pulse_connect_secure:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:juniper:pulse_connect_secure:7.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-7323
0.39%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 70 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-7323
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.5
|
LOW | AV:N/AC:M/Au:S/C:P/I:N/A:N |
6.8
|
2.9
|
NIST |
CWE ids for CVE-2015-7323
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-7323
-
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40054
Pulse Security Advisory: SA40054 - 2015-09: Security Advisory: Secure Meeting (Pulse Collaboration) issue may allow authenticated users to bypass meeting authorization (CVE-2015-7323)Vendor Advisory
-
https://packetstormsecurity.com/files/133711/Junos-Pulse-Secure-Meeting-8.0.5-Access-Bypass.html
Junos Pulse Secure Meeting 8.0.5 Access Bypass ≈ Packet StormExploit
-
https://profundis-labs.com/advisories/CVE-2015-7323.txt
Exploit
-
http://seclists.org/fulldisclosure/2015/Sep/98
Full Disclosure: CVE-2015-7323 - Secure Meeting (Pulse Collaboration) issue may allow authenticated users to bypass meeting authorizationExploit
-
http://www.securitytracker.com/id/1033684
Pulse Connect Secure Access Control Flaw in Secure Meeting Component Lets Remote Authenticated Users Join Meetings on the Target System - SecurityTracker
Jump to