Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2015-5369

Pulse Connect Secure (aka PCS and formerly Juniper PCS) PSC6000, PCS6500, and MAG PSC360 8.1 before 8.1r5, 8.0 before 8.0r13, 7.4 before 7.4r13.5, and 7.1 before 7.1r22.2 and PPS 5.1 before 5.1R5 and 5.0 before 5.0R13, when Hardware Acceleration is enabled, does not properly validate the Finished TLS handshake message, which makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted Finished message.

Published

2015-08-11T14:59:12.710

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 4.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE
Exploitability Score

8.6

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-17
    CWE-20
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application juniper pulse_connect_secure 5.1 Yes
Application juniper pulse_connect_secure 7.1 Yes
Application juniper pulse_connect_secure 7.4 Yes
Application juniper pulse_connect_secure 8.0 Yes
Application juniper pulse_connect_secure 8.1 Yes
Hardware juniper mag_pcs360 - No
Hardware juniper pcs6000 - No
Hardware juniper pcs6500 - No
References