vulnerability
Pulse Secure Pulse Connect Secure: CVE-2016-2126: Multiple vulnerabilities resolved in Pulse Connect Secure / Pulse Policy Secure 9.0R1 and vTM 18.1 (SA43730)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:L/Au:S/C:N/I:N/A:P) | May 11, 2017 | Oct 28, 2020 | Feb 15, 2024 |
Severity
4
CVSS
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Published
May 11, 2017
Added
Oct 28, 2020
Modified
Feb 15, 2024
Description
Samba version 4.0.0 up to 4.5.2 is vulnerable to privilege elevation due to incorrect handling of the PAC (Privilege Attribute Certificate) checksum. A remote, authenticated, attacker can cause the winbindd process to crash using a legitimate Kerberos ticket. A local service with access to the winbindd privileged pipe can cause winbindd to cache elevated access permissions.
Solutions
pulse-secure-pulse-connect-secure-upgrade-8_1r14pulse-secure-pulse-connect-secure-upgrade-8_2r11pulse-secure-pulse-connect-secure-upgrade-8_3r5pulse-secure-pulse-connect-secure-upgrade-9_0r1
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.