CVE-2016-3985 — Improper Access Control in Pulse Connect Secure

CWE-284 — Improper Access Control3 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
0.2%
top 62.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Pulsesecure Pulse Connect Secure
Timeline
PublishedApr 12
Latest updateMay 17

Description

The Terminal Services Remote Desktop Protocol (RDP) client session restrictions feature in Pulse Connect Secure (aka PCS) 8.1R7 and 8.2R1 allow remote authenticated users to bypass intended access restrictions via unspecified vectors.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

â–¶NVDpulsesecure/pulse_connect_secure8.1r7, 8.2r1+1

🔴Vulnerability Details

2
GHSA
GHSA-x49x-hm58-9c2j: The Terminal Services Remote Desktop Protocol (RDP) client session restrictions feature in Pulse Connect Secure (aka PCS) 8↗2022-05-17
â–¶
CVEList
CVE-2016-3985: The Terminal Services Remote Desktop Protocol (RDP) client session restrictions feature in Pulse Connect Secure (aka PCS) 8↗2016-04-08
â–¶
CVE-2016-3985 — Improper Access Control | cvebase