Lucene search

[email protected]CVE-2015-5369

HistoryAug 11, 2015 - 2:59 p.m.

CVE-2015-5369

2015-08-1114:59:12

CWE-17

CWE-20

[email protected]

web.nvd.nist.gov

cve-2015-5369

pulse connect secure

pcs

juniper pcs

mag psc360

security vulnerability

mitm attack

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

8.9 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.5%

JSON

Pulse Connect Secure (aka PCS and formerly Juniper PCS) PSC6000, PCS6500, and MAG PSC360 8.1 before 8.1r5, 8.0 before 8.0r13, 7.4 before 7.4r13.5, and 7.1 before 7.1r22.2 and PPS 5.1 before 5.1R5 and 5.0 before 5.0R13, when Hardware Acceleration is enabled, does not properly validate the Finished TLS handshake message, which makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted Finished message.

Affected configurations

NVD

Node

juniperpulse_connect_secureMatch5.1

juniperpulse_connect_secureMatch7.1

juniperpulse_connect_secureMatch7.4

juniperpulse_connect_secureMatch8.0

juniperpulse_connect_secureMatch8.1

AND

junipermag_pcs360Match-

juniperpcs6000Match-

juniperpcs6500Match-

CPENameOperatorVersion
juniper:pulse_connect_securejuniper pulse connect secureeq5.1
juniper:pulse_connect_securejuniper pulse connect secureeq7.1
juniper:pulse_connect_securejuniper pulse connect secureeq7.4
juniper:pulse_connect_securejuniper pulse connect secureeq8.0
juniper:pulse_connect_securejuniper pulse connect secureeq8.1

CPE	Name	Operator	Version
juniper:pulse_connect_secure	juniper pulse connect secure	eq	5.1
juniper:pulse_connect_secure	juniper pulse connect secure	eq	7.1
juniper:pulse_connect_secure	juniper pulse connect secure	eq	7.4
juniper:pulse_connect_secure	juniper pulse connect secure	eq	8.0
juniper:pulse_connect_secure	juniper pulse connect secure	eq	8.1

References

kb.juniper.net/InfoCenter/index?page=content&id=TSB16756

www.securitytracker.com/id/1033166

kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40004

vivaldi.net/en-US/blogs/entry/the-poodle-has-friends

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

8.9 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.5%

JSON

Related for CVE-2015-5369

cvelist1 nvd1 prion1 githubexploit1