Vulnerability CVE-2014-3824

Vulnerability CVE-2014-3824

Published: 2014-09-29

Description:

Cross-site scripting (XSS) vulnerability in the web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r6, 7.4 before 7.4r13, and 7.1 before 7.1r20 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVSS Base Score	Impact Subscore	Exploitability Subscore
4.3/10	2.9/10	8.6/10

Exploit range	Attack complexity	Authentication
Remote	Medium	No required
Confidentiality impact	Integrity impact	Availability impact
None	Partial	None

Affected software
Juniper -> Junos pulse secure access service

References:

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10646

http://www.securityfocus.com/bid/69804

Copyright 2024, cxsecurity.com