Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2013-3970

Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS 7.0r2 through 7.0r8 and 7.1r1 through 7.1r5 and Junos Pulse Access Control Service (aka UAC) with UAC OS 4.1r1 through 4.1r5 include a test Certification Authority (CA) certificate in the Trusted Server CAs list, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging control over that test CA.

Published

2013-06-13T16:47:25.930

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 4.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Primary
CWE-310

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	juniper	junos_pulse_secure_access_service	7.0r2	Yes
Application	juniper	junos_pulse_secure_access_service	7.0r3	Yes
Application	juniper	junos_pulse_secure_access_service	7.0r4	Yes
Application	juniper	junos_pulse_secure_access_service	7.0r5	Yes
Application	juniper	junos_pulse_secure_access_service	7.0r5.1	Yes
Application	juniper	junos_pulse_secure_access_service	7.0r6	Yes
Application	juniper	junos_pulse_secure_access_service	7.0r7	Yes
Application	juniper	junos_pulse_secure_access_service	7.0r8	Yes
Application	juniper	junos_pulse_secure_access_service	7.1r1	Yes
Application	juniper	junos_pulse_secure_access_service	7.1r1.1	Yes
Application	juniper	junos_pulse_secure_access_service	7.1r2	Yes
Application	juniper	junos_pulse_secure_access_service	7.1r3	Yes
Application	juniper	junos_pulse_secure_access_service	7.1r4	Yes
Application	juniper	junos_pulse_secure_access_service	7.1r5	Yes
Application	juniper	junos_pulse_access_control_service	4.1r1	Yes
Application	juniper	junos_pulse_access_control_service	4.1r1.1	Yes
Application	juniper	junos_pulse_access_control_service	4.1r2	Yes
Application	juniper	junos_pulse_access_control_service	4.1r3	Yes
Application	juniper	junos_pulse_access_control_service	4.1r4	Yes
Application	juniper	junos_pulse_access_control_service	4.1r5	Yes

References

http://kb.juniper.net/JSA10571 Patch, Vendor Advisory ([email protected])
http://kb.juniper.net/JSA10571 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)