CVE-2016-4786
Published 2016-05-26
CVE-2016-4786: Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r3, 8.0 before 8.0r11, and 7.4 before 7.4r13.4 allow remote attackers to cause a denial of service…
Priority P432, high, 7.5 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 2.10% (79.3th percentile)
Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r3, 8.0 before 8.0r11, and 7.4 before 7.4r13.4 allow remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ivanti | connect_secure | — | — |
| ivanti | connect_secure | — | — |
| ivanti | connect_secure | — | — |
| pulsesecure | pulse_connect_secure | — | — |
| pulsesecure | pulse_connect_secure | — | — |
CVSS provenance
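| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | 2.0 | 7.8 | HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C |
| vendor_cisco | — | 7.8 | HIGH | — |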
GHSA
GHSA-8w55-xhm5-jh9r: Pulse Connect Secure (PCS) 8
ghsa_unreviewed·2022-05-13
CVE-2016-4786 [HIGH] GHSA-8w55-xhm5-jh9r: Pulse Connect Secure (PCS) 8
Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r3, 8.0 before 8.0r11, and 7.4 before 7.4r13.4 allow remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.
Cisco
Cisco IOS and IOS XE Software Smart Install Memory Leak Vulnerability
vendor_cisco·2016-09-28·CVSS 7.8
CVE-2016-6385 [HIGH] CWE-399 Cisco IOS and IOS XE Software Smart Install Memory Leak Vulnerability
The Smart Install client feature in Cisco IOS and IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a memory leak and eventual denial of service (DoS) condition on an affected device.
The vulnerability is due to incorrect handling of image list parameters. An attacker could exploit this vulnerability by sending crafted Smart Install packets to TCP port 4786. A successful exploit could cause a Cisco Catalyst switch to leak memory and eventually reload, resulting in a DoS condition.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability other than disabling Smart Install functionality on the affecte
Ivanti
Ivanti Security Advisory: CVE-2016-4786
vendor_ivanti·2016-05-26·CVSS 7.5
CVE-2016-4786 [HIGH] Ivanti Security Advisory: CVE-2016-4786
Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r3, 8.0 before 8.0r11, and 7.4 before 7.4r13.4 allow remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.
CVE IDs: CVE-2016-4786
CVSS Base Score: 7.5
Severity: HIGH
Cisco
Cisco IOS and IOS XE Software Smart Install Denial of Service Vulnerability
vendor_cisco·2016-03-23·CVSS 7.8
CVE-2016-1349 [HIGH] CWE-399 Cisco IOS and IOS XE Software Smart Install Denial of Service Vulnerability
The Smart Install client feature in Cisco IOS and IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
The vulnerability is due to incorrect handling of image list parameters. An attacker could exploit this vulnerability by sending crafted Smart Install packets to TCP port 4786. A successful exploit could cause a Cisco Catalyst switch to reload, resulting in a DoS condition.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability other than disabling Smart Install functionality on the vulnerable device.
This advisory is available at th
Cisco
Cisco IOS and IOS XE Software Smart Install Memory Leak Vulnerability
vendor_cisco
CVE-2016-6385 Cisco IOS and IOS XE Software Smart Install Memory Leak Vulnerability
CVE-2016-6385: Cisco IOS and IOS XE Software Smart Install Memory Leak Vulnerability
The Smart Install client feature in Cisco IOS and IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a memory leak and eventual denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect handling of image list parameters. An attacker could exploit this vulnerability by sending crafted Smart Install packets to TCP port 4786. A successful exploit could cause a Cisco Catalyst switch to leak memory and eventually reload, resulting in a DoS condition. Cisco has released software updates that address this vulnerability. There are no
CWE: CWE-399, CWE-399
Bug IDs: CSCuy82367, CSCtj75729, CSCtj75729
Cisco
Cisco IOS and IOS XE Software Smart Install Denial of Service Vulnerability
vendor_cisco
CVE-2016-1349 Cisco IOS and IOS XE Software Smart Install Denial of Service Vulnerability
CVE-2016-1349: Cisco IOS and IOS XE Software Smart Install Denial of Service Vulnerability
The Smart Install client feature in Cisco IOS and IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect handling of image list parameters. An attacker could exploit this vulnerability by sending crafted Smart Install packets to TCP port 4786. A successful exploit could cause a Cisco Catalyst switch to reload, resulting in a DoS condition. Cisco has released software updates that address this vulnerability. There are no
CWE: CWE-399, CWE-399
Bug IDs: CSCuv45410, CSCtj75729, CSCtj75729
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2016-05-26