CVE-2016-3985

Published: Apr 12, 2016Modified: May 6, 2026

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

The Terminal Services Remote Desktop Protocol (RDP) client session restrictions feature in Pulse Connect Secure (aka PCS) 8.1R7 and 8.2R1 allow remote authenticated users to bypass intended access restrictions via unspecified vectors.

Affected (2)

Products: Pulsesecure: Pulse Connect Secure

Pulsesecure

1 product

Pulse Connect Secure

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Pulsesecure Pulse Connect Secure	Version 8.1r7
Pulsesecure Pulse Connect Secure	Version 8.2r1

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (4)

http://www.securitytracker.com/id/1035129

Source: cve@mitre.org

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40166

Source: cve@mitre.org

Vendor Advisory

http://www.securitytracker.com/id/1035129

Source: af854a3a-2127-422b-91ae-364da2661108

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40166

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.