Lucene search

[email protected]CVE-2014-3812

HistoryJun 13, 2014 - 2:55 p.m.

CVE-2014-3812

2014-06-1314:55:16

CWE-310

[email protected]

web.nvd.nist.gov

juniper

junos pulse

ssl vpn

ive os

access control service

uac

cve-2014-3812

vulnerability

weak encryption

network security

information security

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.4 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

56.5%

JSON

The Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS before 7.4r5 and 8.x before 8.0r1 and Junos Pulse Access Control Service (UAC) before 4.4r5 and 5.x before 5.0r1 enable cipher suites with weak encryption algorithms, which make it easier for remote attackers to obtain sensitive information by sniffing the network.

Affected configurations

NVD

Node

juniperive_osMatch7.4

juniperive_osMatch8.0

juniperunified_access_control_softwareMatch4.4

juniperunified_access_control_softwareMatch5.0

AND

juniperfips_infranet_controller_6500Match-

juniperfips_secure_access_4000Match-

juniperfips_secure_access_4500Match-

juniperfips_secure_access_6000Match-

juniperfips_secure_access_6500Match-

juniperinfranet_controller_4000Match-

juniperinfranet_controller_4500Match-

juniperinfranet_controller_6000Match-

juniperinfranet_controller_6500Match-

junipermag2600_gatewayMatch-

junipermag4610_gatewayMatch-

junipermag6610_gatewayMatch-

junipermag6611_gatewayMatch-

junipersecure_access_2500Match-

junipersecure_access_4500Match-

junipersecure_access_700Match-

CPENameOperatorVersion
juniper:ive_osjuniper ive oseq7.4
juniper:ive_osjuniper ive oseq8.0
juniper:unified_access_control_softwarejuniper unified access control softwareeq4.4
juniper:unified_access_control_softwarejuniper unified access control softwareeq5.0
juniper:fips_infranet_controller_6500juniper fips infranet controller 6500eq-
juniper:fips_secure_access_4000juniper fips secure access 4000eq-
juniper:fips_secure_access_4500juniper fips secure access 4500eq-
juniper:fips_secure_access_6000juniper fips secure access 6000eq-
juniper:fips_secure_access_6500juniper fips secure access 6500eq-
juniper:infranet_controller_4000juniper infranet controller 4000eq-

CPE	Name	Operator	Version
juniper:ive_os	juniper ive os	eq	7.4
juniper:ive_os	juniper ive os	eq	8.0
juniper:unified_access_control_software	juniper unified access control software	eq	4.4
juniper:unified_access_control_software	juniper unified access control software	eq	5.0
juniper:fips_infranet_controller_6500	juniper fips infranet controller 6500	eq	-
juniper:fips_secure_access_4000	juniper fips secure access 4000	eq	-
juniper:fips_secure_access_4500	juniper fips secure access 4500	eq	-
juniper:fips_secure_access_6000	juniper fips secure access 6000	eq	-
juniper:fips_secure_access_6500	juniper fips secure access 6500	eq	-
juniper:infranet_controller_4000	juniper infranet controller 4000	eq	-

Rows per page:

1-10 of 201

References

kb.juniper.net/InfoCenter/index?page=content&id=JSA10628

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.4 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

56.5%

JSON

Related for CVE-2014-3812

nvd1 nessus1 prion1 cvelist1