ID

VAR-201406-0373


CVE

CVE-2014-3812


TITLE

Juniper Junos Pulse Secure Access Service Device IVE OS and Junos Pulse Access Control Service Vulnerability in which important information is obtained

Trust: 0.8

sources: JVNDB: JVNDB-2014-002928

DESCRIPTION

The Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS before 7.4r5 and 8.x before 8.0r1 and Junos Pulse Access Control Service (UAC) before 4.4r5 and 5.x before 5.0r1 enable cipher suites with weak encryption algorithms, which make it easier for remote attackers to obtain sensitive information by sniffing the network. Successfully exploiting this issue in conjunction with other latent vulnerabilities may allow attackers to gain access to sensitive information that may aid in further attacks. The former is a client that supports remote and mobile users to access corporate resources with various Web devices. The latter is a standards-based, scalable network access control solution. A remote attacker could exploit this vulnerability to obtain sensitive information by sniffing the network

Trust: 1.98

sources: NVD: CVE-2014-3812 // JVNDB: JVNDB-2014-002928 // BID: 68192 // VULHUB: VHN-71752

AFFECTED PRODUCTS

vendor:junipermodel:unified access control softwarescope:eqversion:5.0

Trust: 1.9

vendor:junipermodel:unified access control softwarescope:eqversion:4.4

Trust: 1.9

vendor:junipermodel:ive osscope:eqversion:8.0

Trust: 1.9

vendor:junipermodel:ive osscope:eqversion:7.4

Trust: 1.9

vendor:junipermodel:fips secure access 4500scope:eqversion: -

Trust: 1.0

vendor:junipermodel:infranet controller 6500scope:eqversion: -

Trust: 1.0

vendor:junipermodel:secure access 2500scope:eqversion: -

Trust: 1.0

vendor:junipermodel:fips secure access 6000scope:eqversion: -

Trust: 1.0

vendor:junipermodel:mag4610 gatewayscope:eqversion: -

Trust: 1.0

vendor:junipermodel:infranet controller 6000scope:eqversion: -

Trust: 1.0

vendor:junipermodel:infranet controller 4500scope:eqversion: -

Trust: 1.0

vendor:junipermodel:fips secure access 6500scope:eqversion: -

Trust: 1.0

vendor:junipermodel:mag6611 gatewayscope:eqversion: -

Trust: 1.0

vendor:junipermodel:infranet controller 4000scope:eqversion: -

Trust: 1.0

vendor:junipermodel:fips infranet controller 6500scope:eqversion: -

Trust: 1.0

vendor:junipermodel:secure access 700scope:eqversion: -

Trust: 1.0

vendor:junipermodel:mag6610 gatewayscope:eqversion: -

Trust: 1.0

vendor:junipermodel:mag2600 gatewayscope:eqversion: -

Trust: 1.0

vendor:junipermodel:fips secure access 4000scope:eqversion: -

Trust: 1.0

vendor:junipermodel:secure access 4500scope:eqversion: -

Trust: 1.0

vendor:junipermodel:infranet controller 6500scope: - version: -

Trust: 0.8

vendor:junipermodel:secure access 700scope: - version: -

Trust: 0.8

vendor:junipermodel:fips secure access 4000scope: - version: -

Trust: 0.8

vendor:junipermodel:ive osscope:ltversion:8.x

Trust: 0.8

vendor:junipermodel:ive osscope:eqversion:8.0r1

Trust: 0.8

vendor:junipermodel:infranet controller 4000scope: - version: -

Trust: 0.8

vendor:junipermodel:secure access 6500scope: - version: -

Trust: 0.8

vendor:junipermodel:infranet controller 6500 fipsscope: - version: -

Trust: 0.8

vendor:junipermodel:fips secure access 6000scope: - version: -

Trust: 0.8

vendor:junipermodel:infranet controller 4500scope: - version: -

Trust: 0.8

vendor:junipermodel:mag4610 gatewayscope: - version: -

Trust: 0.8

vendor:junipermodel:junos pulse access control servicescope:eqversion:5.0r1

Trust: 0.8

vendor:junipermodel:mag2600 gatewayscope: - version: -

Trust: 0.8

vendor:junipermodel:mag6611 gatewayscope: - version: -

Trust: 0.8

vendor:junipermodel:secure access 4500scope: - version: -

Trust: 0.8

vendor:junipermodel:infranet controller 6000scope: - version: -

Trust: 0.8

vendor:junipermodel:mag6610 gatewayscope: - version: -

Trust: 0.8

vendor:junipermodel:junos pulse access control servicescope:ltversion:5.x

Trust: 0.8

vendor:junipermodel:fips secure access 6500scope: - version: -

Trust: 0.8

vendor:junipermodel:secure access 2500scope: - version: -

Trust: 0.8

vendor:junipermodel:fips secure access 4500scope: - version: -

Trust: 0.8

vendor:junipermodel:secure accessscope:eqversion:700

Trust: 0.3

vendor:junipermodel:secure accessscope:eqversion:4500

Trust: 0.3

vendor:junipermodel:secure accessscope:eqversion:2500

Trust: 0.3

vendor:junipermodel:mag6611 gatewayscope:eqversion:0

Trust: 0.3

vendor:junipermodel:mag6610 gatewayscope:eqversion:0

Trust: 0.3

vendor:junipermodel:mag4610 gatewayscope:eqversion:0

Trust: 0.3

vendor:junipermodel:mag2600 gatewayscope:eqversion:0

Trust: 0.3

vendor:junipermodel:infranet controllerscope:eqversion:6500

Trust: 0.3

vendor:junipermodel:infranet controllerscope:eqversion:6000

Trust: 0.3

vendor:junipermodel:infranet controllerscope:eqversion:4500

Trust: 0.3

vendor:junipermodel:infranet controllerscope:eqversion:4000

Trust: 0.3

vendor:junipermodel:fips secure accessscope:eqversion:6500

Trust: 0.3

vendor:junipermodel:fips secure accessscope:eqversion:6000

Trust: 0.3

vendor:junipermodel:fips secure accessscope:eqversion:4500

Trust: 0.3

vendor:junipermodel:fips secure accessscope:eqversion:4000

Trust: 0.3

vendor:junipermodel:fips infranet controllerscope:eqversion:6500-

Trust: 0.3

vendor:junipermodel:junos pulse access control service 5.0r1scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos pulse access control service 4.4r5scope:neversion: -

Trust: 0.3

vendor:junipermodel:ive os 8.0r1scope:neversion: -

Trust: 0.3

vendor:junipermodel:ive os 7.4r5scope:neversion: -

Trust: 0.3

sources: BID: 68192 // JVNDB: JVNDB-2014-002928 // CNNVD: CNNVD-201406-307 // NVD: CVE-2014-3812

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-3812
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-3812
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201406-307
value: MEDIUM

Trust: 0.6

VULHUB: VHN-71752
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-3812
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-71752
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-71752 // JVNDB: JVNDB-2014-002928 // CNNVD: CNNVD-201406-307 // NVD: CVE-2014-3812

PROBLEMTYPE DATA

problemtype:CWE-310

Trust: 1.9

sources: VULHUB: VHN-71752 // JVNDB: JVNDB-2014-002928 // NVD: CVE-2014-3812

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201406-307

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201406-307

CONFIGURATIONS

[
  {
    "CVE_data_version": "4.0",
    "nodes": [
      {
        "operator": "OR",
        "cpe_match": [
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/h:juniper:infranet_controller_4000"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/h:juniper:infranet_controller_4500"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/h:juniper:infranet_controller_6000"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/h:juniper:infranet_controller_6500"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/h:juniper:fips_infranet_controller_6500"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:juniper:ive_os"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/h:juniper:fips_secure_access_4000"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/h:juniper:fips_secure_access_4500"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/h:juniper:fips_secure_access_6000"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/h:juniper:fips_secure_access_6500"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/h:juniper:mag2600_gateway"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/h:juniper:mag4610_gateway"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/h:juniper:mag6610_gateway"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/h:juniper:mag6611_gateway"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/h:juniper:secure_access_2500"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/h:juniper:secure_access_4500"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/h:juniper:secure_access_6500"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/h:juniper:secure_access_700"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/a:juniper:junos_pulse_access_control_service"
          }
        ]
      }
    ]
  }
]

sources: JVNDB: JVNDB-2014-002928

PATCH

title:JSA10628url:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10628

Trust: 0.8

sources: JVNDB: JVNDB-2014-002928

EXTERNAL IDS

db:NVDid:CVE-2014-3812

Trust: 2.8

db:JUNIPERid:JSA10628

Trust: 2.0

db:JVNDBid:JVNDB-2014-002928

Trust: 0.8

db:CNNVDid:CNNVD-201406-307

Trust: 0.7

db:BIDid:68192

Trust: 0.4

db:VULHUBid:VHN-71752

Trust: 0.1

sources: VULHUB: VHN-71752 // BID: 68192 // JVNDB: JVNDB-2014-002928 // CNNVD: CNNVD-201406-307 // NVD: CVE-2014-3812

REFERENCES

url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10628

Trust: 1.9

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3812

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3812

Trust: 0.8

url:http://www.juniper.net/

Trust: 0.3

url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10628

Trust: 0.1

sources: VULHUB: VHN-71752 // BID: 68192 // JVNDB: JVNDB-2014-002928 // CNNVD: CNNVD-201406-307 // NVD: CVE-2014-3812

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 68192

SOURCES

db:VULHUBid:VHN-71752
db:BIDid:68192
db:JVNDBid:JVNDB-2014-002928
db:CNNVDid:CNNVD-201406-307
db:NVDid:CVE-2014-3812

LAST UPDATE DATE

2024-11-23T22:42:33.708000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-71752date:2014-06-16T00:00:00
db:BIDid:68192date:2014-06-13T00:00:00
db:JVNDBid:JVNDB-2014-002928date:2014-06-17T00:00:00
db:CNNVDid:CNNVD-201406-307date:2014-06-16T00:00:00
db:NVDid:CVE-2014-3812date:2024-11-21T02:08:54.057

SOURCES RELEASE DATE

db:VULHUBid:VHN-71752date:2014-06-13T00:00:00
db:BIDid:68192date:2014-06-13T00:00:00
db:JVNDBid:JVNDB-2014-002928date:2014-06-17T00:00:00
db:CNNVDid:CNNVD-201406-307date:2014-06-16T00:00:00
db:NVDid:CVE-2014-3812date:2014-06-13T14:55:16.040