vulnerability
Pulse Secure Pulse Connect Secure: CVE-2016-2125: Multiple vulnerabilities resolved in Pulse Connect Secure / Pulse Policy Secure 9.0R1 and vTM 18.1 (SA43730)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
3 | (AV:A/AC:L/Au:N/C:P/I:N/A:N) | Oct 31, 2018 | Oct 28, 2020 | Feb 15, 2024 |
Severity
3
CVSS
(AV:A/AC:L/Au:N/C:P/I:N/A:N)
Published
Oct 31, 2018
Added
Oct 28, 2020
Modified
Feb 15, 2024
Description
It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users.
Solution(s)
pulse-secure-pulse-connect-secure-upgrade-8_1r14pulse-secure-pulse-connect-secure-upgrade-8_2r11pulse-secure-pulse-connect-secure-upgrade-8_3r5pulse-secure-pulse-connect-secure-upgrade-9_0r1

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.