CVE-2016-4786

moderate-risk

Published 2016-05-26

Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r3, 8.0 before 8.0r11, and 7.4 before 7.4r13.4 allow remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.

Do I need to act?

3.5% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (5)

Pulse Connect Secure

Connect Secure

Pulse Connect Secure

Connect Secure

Affected Vendors

Ivanti Pulsesecure

References (4)

http://www.securitytracker.com/id/1035932

Vendor Advisory https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40206

http://www.securitytracker.com/id/1035932

Vendor Advisory https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40206

/ 100

moderate-risk

Severity 26/34 · High

Exploitability 7/34 · Low

Exposure 12/34 · Low