CVE-2016-2408

high-risk

Published 2016-08-02

Pulse Secure Desktop before 5.2R2 and Pulse Secure Installer Service before 8.2R2 and below for Windows allow restricted users to gain privileges via unspecified vectors.

Do I need to act?

-

0.06% chance of exploitation

EPSS score — low exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

7

CVSS 7.8/10 High

LOCAL / LOW complexity

Affected Products (20)

Pulse Secure Desktop

Pulse Secure Desktop

Pulse Secure Desktop

Pulse Secure Desktop

Pulse Secure Desktop

Pulse Secure Desktop

Pulse Secure Desktop

Pulse Secure Desktop

Pulse Secure Desktop

Pulse Secure Desktop

Pulse Secure Desktop

Pulse Secure Desktop

Pulse Secure Desktop

Pulse Secure Desktop

Pulse Secure Desktop

Pulse Secure Desktop

Pulse Secure Desktop

Pulse Secure Desktop

Pulse Secure Desktop

Pulse Secure Desktop

Affected Vendors

Pulsesecure

References (8)

http://www.securityfocus.com/bid/92692

http://www.securitytracker.com/id/1036474

Vendor Advisory https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40241

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40241/

http://www.securityfocus.com/bid/92692

http://www.securitytracker.com/id/1036474

Vendor Advisory https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40241

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40241/

56

/ 100

high-risk

Severity 24/34 · High

Exploitability 0/34 · Minimal

Exposure 32/34 · Critical