Vulnerability CVE-2014-3812


Published: 2014-06-13   Modified: 2014-06-16

Description:
The Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS before 7.4r5 and 8.x before 8.0r1 and Junos Pulse Access Control Service (UAC) before 4.4r5 and 5.x before 5.0r1 enable cipher suites with weak encryption algorithms, which make it easier for remote attackers to obtain sensitive information by sniffing the network.

Type:

CWE-310

(Cryptographic Issues)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
Juniper -> Secure access 700 
Juniper -> Ive os 
Juniper -> Fips infranet controller 6500 
Juniper -> Unified access control software 
Juniper -> Fips secure access 4000 
Juniper -> Fips secure access 4500 
Juniper -> Fips secure access 6000 
Juniper -> Fips secure access 6500 
Juniper -> Infranet controller 4000 
Juniper -> Infranet controller 4500 
Juniper -> Infranet controller 6000 
Juniper -> Infranet controller 6500 
Juniper -> Mag2600 gateway 
Juniper -> Mag4610 gateway 
Juniper -> Mag6610 gateway 
Juniper -> Mag6611 gateway 
Juniper -> Secure access 2500 
Juniper -> Secure access 4500 

 References:
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10628

Copyright 2024, cxsecurity.com

 

Back to Top