Question 1

What is CVE-2016-4786?

Accepted Answer

CVE-2016-4786 is a high-severity software vulnerability with a CVSS score of 7.5. Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r3, 8.0 before 8.0r11, and 7.4 before 7.4r13.4 allow remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.

Question 2

Is CVE-2016-4786 being actively exploited?

Accepted Answer

It is not currently in CISA's KEV catalog. Its EPSS exploitation probability is 2%.

Question 3

What products does CVE-2016-4786 affect?

Accepted Answer

Tracked products affected include Ivanti Connect Secure, Pulse Connect Secure. Check the version you run to see whether it is affected.

Question 4

How do I fix CVE-2016-4786?

Accepted Answer

Apply the vendor fix promptly. Upgrade affected products to a fixed version.

CVE-2016-4786

Summary

Impact & exploitability

Affected products we track (2)

Recommendation

Additional information