ID JUNOS_PULSE_JSA10590.NASL Type nessus Reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. Modified 2021-01-02T00:00:00
Description
According to its self-reported version, the version of IVE / UAC OS
running on the remote host may be affected by an unspecified denial of
service vulnerability that can be triggered by sending a specially
crafted packet to the device. A system restart is required to bring the
device back into service after successful exploitation.
Note that only devices with the hardware acceleration card are affected
by this issue. As a workaround, it is possible to mitigate this
vulnerability by disabling the hardware SSL acceleration card. Nessus
did not verify if the remote device has an SSL acceleration card or if a
workaround has been applied.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(69986);
script_version("2.6");
script_cvs_date("Date: 2018/07/12 19:01:15");
script_cve_id("CVE-2013-5650");
script_bugtraq_id(62354);
script_name(english:"Junos Pulse Secure IVE / UAC OS DoS (JSA10590)");
script_summary(english:"Checks IVE/UAC OS version");
script_set_attribute(
attribute:"synopsis",
value:"The remote device is missing a vendor-supplied security patch."
);
script_set_attribute(
attribute:"description",
value:
"According to its self-reported version, the version of IVE / UAC OS
running on the remote host may be affected by an unspecified denial of
service vulnerability that can be triggered by sending a specially
crafted packet to the device. A system restart is required to bring the
device back into service after successful exploitation.
Note that only devices with the hardware acceleration card are affected
by this issue. As a workaround, it is possible to mitigate this
vulnerability by disabling the hardware SSL acceleration card. Nessus
did not verify if the remote device has an SSL acceleration card or if a
workaround has been applied."
);
script_set_attribute(attribute:"see_also", value:"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10590");
script_set_attribute(
attribute:"solution",
value:
"Upgrade to Juniper IVE/UAC OS version 7.1r5 / 7.2r10 / 7.3r6 / 7.4r3 /
4.1r8.1 / 4.2r5 / 4.3r6 / 4.4r3 or later."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2013/09/11");
script_set_attribute(attribute:"patch_publication_date", value:"2013/09/11");
script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/19");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:juniper:ive_os");
script_set_attribute(attribute:"cpe", value:"cpe:/a:juniper:junos_pulse_access_control_service");
script_set_attribute(attribute:"cpe", value:"cpe:/a:juniper:junos_pulse_secure_access_service");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/Juniper/IVE OS/Version", "Settings/ParanoidReport");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
version = get_kb_item_or_exit('Host/Juniper/IVE OS/Version');
match = eregmatch(string:version, pattern:"^([\d.]+)[Rr]([0-9.]+)");
if (isnull(match)) exit(1, 'Error parsing version: ' + version);
release = match[1];
build = match[2];
# check report paranoia settings in order to avoid false positives,
# since a workaround is possible, and only devices with SSL acceleration
# cards are vulnerable
if (report_paranoia < 2) audit(AUDIT_PARANOID);
fix = '';
# IVE-SA
if (release == '7.1' && ver_compare(ver:build, fix:'5', strict:FALSE) == -1)
fix = '7.1r5';
if (release == '7.2' && ver_compare(ver:build, fix:'10', strict:FALSE) == -1)
fix = '7.2r10';
if (release == '7.3' && ver_compare(ver:build, fix:'6', strict:FALSE) == -1)
fix = '7.3r6';
if (release == '7.4' && ver_compare(ver:build, fix:'3', strict:FALSE) == -1)
fix = '7.4r3';
# IVE-IC (UAC OS)
if (release == '4.1' && ver_compare(ver:build, fix:'8.1', strict:FALSE) == -1)
fix = '4.1r8.1';
if (release == '4.2' && ver_compare(ver:build, fix:'5', strict:FALSE) == -1)
fix = '4.2r5';
if (release == '4.3' && ver_compare(ver:build, fix:'6', strict:FALSE) == -1)
fix = '4.3r6';
if (release == '4.4' && ver_compare(ver:build, fix:'3', strict:FALSE) == -1)
fix = '4.4r3';
if (fix != '')
{
if (report_verbosity > 0)
{
report =
'\n Installed version : ' + version +
'\n Fixed version : ' + fix + '\n';
security_warning(port:0, extra:report);
}
else security_warning(0);
}
else audit(AUDIT_INST_VER_NOT_VULN, 'IVE/UAC OS', version);
{"id": "JUNOS_PULSE_JSA10590.NASL", "bulletinFamily": "scanner", "title": "Junos Pulse Secure IVE / UAC OS DoS (JSA10590)", "description": "According to its self-reported version, the version of IVE / UAC OS\nrunning on the remote host may be affected by an unspecified denial of\nservice vulnerability that can be triggered by sending a specially\ncrafted packet to the device. A system restart is required to bring the\ndevice back into service after successful exploitation. \n\nNote that only devices with the hardware acceleration card are affected\nby this issue. As a workaround, it is possible to mitigate this\nvulnerability by disabling the hardware SSL acceleration card. Nessus\ndid not verify if the remote device has an SSL acceleration card or if a\nworkaround has been applied.", "published": "2013-09-19T00:00:00", "modified": "2021-01-02T00:00:00", "cvss": {"score": 5.4, "vector": "AV:N/AC:H/Au:N/C:N/I:N/A:C"}, "href": "https://www.tenable.com/plugins/nessus/69986", "reporter": "This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.", "references": ["https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10590"], "cvelist": ["CVE-2013-5650"], "type": "nessus", "lastseen": "2021-01-01T03:19:44", "edition": 23, "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2013-5650"]}], "modified": "2021-01-01T03:19:44", "rev": 2}, "score": {"value": 6.4, "vector": "NONE", "modified": "2021-01-01T03:19:44", "rev": 2}, "vulnersScore": 6.4}, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69986);\n script_version(\"2.6\");\n script_cvs_date(\"Date: 2018/07/12 19:01:15\");\n\n script_cve_id(\"CVE-2013-5650\");\n script_bugtraq_id(62354);\n\n script_name(english:\"Junos Pulse Secure IVE / UAC OS DoS (JSA10590)\");\n script_summary(english:\"Checks IVE/UAC OS version\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"According to its self-reported version, the version of IVE / UAC OS\nrunning on the remote host may be affected by an unspecified denial of\nservice vulnerability that can be triggered by sending a specially\ncrafted packet to the device. A system restart is required to bring the\ndevice back into service after successful exploitation. \n\nNote that only devices with the hardware acceleration card are affected\nby this issue. As a workaround, it is possible to mitigate this\nvulnerability by disabling the hardware SSL acceleration card. Nessus\ndid not verify if the remote device has an SSL acceleration card or if a\nworkaround has been applied.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10590\");\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade to Juniper IVE/UAC OS version 7.1r5 / 7.2r10 / 7.3r6 / 7.4r3 /\n4.1r8.1 / 4.2r5 / 4.3r6 / 4.4r3 or later.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/09/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/09/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/19\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:juniper:ive_os\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:juniper:junos_pulse_access_control_service\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:juniper:junos_pulse_secure_access_service\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/Juniper/IVE OS/Version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit('Host/Juniper/IVE OS/Version');\nmatch = eregmatch(string:version, pattern:\"^([\\d.]+)[Rr]([0-9.]+)\");\nif (isnull(match)) exit(1, 'Error parsing version: ' + version);\n\nrelease = match[1];\nbuild = match[2];\n\n# check report paranoia settings in order to avoid false positives,\n# since a workaround is possible, and only devices with SSL acceleration\n# cards are vulnerable\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nfix = '';\n\n# IVE-SA\nif (release == '7.1' && ver_compare(ver:build, fix:'5', strict:FALSE) == -1)\n fix = '7.1r5';\nif (release == '7.2' && ver_compare(ver:build, fix:'10', strict:FALSE) == -1)\n fix = '7.2r10';\nif (release == '7.3' && ver_compare(ver:build, fix:'6', strict:FALSE) == -1)\n fix = '7.3r6';\nif (release == '7.4' && ver_compare(ver:build, fix:'3', strict:FALSE) == -1)\n fix = '7.4r3';\n\n# IVE-IC (UAC OS)\nif (release == '4.1' && ver_compare(ver:build, fix:'8.1', strict:FALSE) == -1)\n fix = '4.1r8.1';\nif (release == '4.2' && ver_compare(ver:build, fix:'5', strict:FALSE) == -1)\n fix = '4.2r5';\nif (release == '4.3' && ver_compare(ver:build, fix:'6', strict:FALSE) == -1)\n fix = '4.3r6';\nif (release == '4.4' && ver_compare(ver:build, fix:'3', strict:FALSE) == -1)\n fix = '4.4r3';\n\nif (fix != '')\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix + '\\n';\n security_warning(port:0, extra:report);\n }\n else security_warning(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, 'IVE/UAC OS', version);\n", "naslFamily": "Misc.", "pluginID": "69986", "cpe": ["cpe:/o:juniper:ive_os", "cpe:/a:juniper:junos_pulse_access_control_service", "cpe:/a:juniper:junos_pulse_secure_access_service"], "scheme": null}
{"cve": [{"lastseen": "2020-10-03T12:46:07", "description": "Junos Pulse Secure Access Service (IVE) 7.1 before 7.1r5, 7.2 before 7.2r10, 7.3 before 7.3r6, and 7.4 before 7.4r3 and Junos Pulse Access Control Service (UAC) 4.1 before 4.1r8.1, 4.2 before 4.2r5, 4.3 before 4.3r6 and 4.4 before 4.4r3, when a hardware SSL acceleration card is enabled, allows remote attackers to cause a denial of service (device hang) via a crafted packet.", "edition": 3, "cvss3": {}, "published": "2013-09-16T19:14:00", "title": "CVE-2013-5650", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 5.4, "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5650"], "modified": "2017-08-29T01:33:00", "cpe": ["cpe:/a:juniper:junos_pulse_secure_access_service:7.4", "cpe:/a:juniper:junos_pulse_access_control_service:4.3", "cpe:/a:juniper:junos_pulse_secure_access_service:7.2", "cpe:/a:juniper:junos_pulse_access_control_service:4.4", "cpe:/a:juniper:junos_pulse_access_control_service:4.1", "cpe:/a:juniper:junos_pulse_secure_access_service:7.1", "cpe:/a:juniper:junos_pulse_access_control_service:4.2", "cpe:/a:juniper:junos_pulse_secure_access_service:7.3"], "id": "CVE-2013-5650", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5650", "cvss": {"score": 5.4, "vector": "AV:N/AC:H/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.2:*:*:*:*:*:*:*", "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1:*:*:*:*:*:*:*", "cpe:2.3:a:juniper:junos_pulse_access_control_service:4.3:*:*:*:*:*:*:*", "cpe:2.3:a:juniper:junos_pulse_access_control_service:4.2:*:*:*:*:*:*:*", "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:*:*:*:*:*:*:*", "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.3:*:*:*:*:*:*:*", "cpe:2.3:a:juniper:junos_pulse_access_control_service:4.4:*:*:*:*:*:*:*", "cpe:2.3:a:juniper:junos_pulse_access_control_service:4.1:*:*:*:*:*:*:*"]}]}
