CVE-2013-5650

Junos Pulse Secure Access Service (IVE) 7.1 before 7.1r5, 7.2 before 7.2r10, 7.3 before 7.3r6, and 7.4 before 7.4r3 and Junos Pulse Access Control Service (UAC) 4.1 before 4.1r8.1, 4.2 before 4.2r5, 4.3 before 4.3r6 and 4.4 before 4.4r3, when a hardware SSL acceleration card is enabled, allows remote attackers to cause a denial of service (device hang) via a crafted packet.

CVSS v2.0 5.4 MEDIUM

5.4^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:H/Au:N/C:N/I:N/A:C

Exploitability : 4.9 / Impact : 6.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/advisories/54776	Vendor Advisory
https://kb.juniper.net/InfoCenter/index?cmid=no&page=content&id=JSA10590	Vendor Advisory
http://osvdb.org/97241
https://exchange.xforce.ibmcloud.com/vulnerabilities/87063

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:::::::*
	cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1:::::::*
	cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.2:::::::*
	cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.3:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:juniper:junos_pulse_access_control_service:4.3:::::::*
	cpe:2.3:a:juniper:junos_pulse_access_control_service:4.4:::::::*
	cpe:2.3:a:juniper:junos_pulse_access_control_service:4.1:::::::*
	cpe:2.3:a:juniper:junos_pulse_access_control_service:4.2:::::::*

Information

Published : 2013-09-16 12:14

Updated : 2017-08-28 18:33

NVD link : CVE-2013-5650

Mitre link : CVE-2013-5650

JSON object : View

CWE

CWE-20

Improper Input Validation

Products Affected

juniper

junos_pulse_secure_access_service
junos_pulse_access_control_service

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://secunia.com/advisories/54776", "name": "54776", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "https://kb.juniper.net/InfoCenter/index?cmid=no&page=content&id=JSA10590", "name": "https://kb.juniper.net/InfoCenter/index?cmid=no&page=content&id=JSA10590", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://osvdb.org/97241", "name": "97241", "tags": [], "refsource": "OSVDB"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87063", "name": "juniper-junos-cve20135650-dos(87063)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Junos Pulse Secure Access Service (IVE) 7.1 before 7.1r5, 7.2 before 7.2r10, 7.3 before 7.3r6, and 7.4 before 7.4r3 and Junos Pulse Access Control Service (UAC) 4.1 before 4.1r8.1, 4.2 before 4.2r5, 4.3 before 4.3r6 and 4.4 before 4.4r3, when a hardware SSL acceleration card is enabled, allows remote attackers to cause a denial of service (device hang) via a crafted packet."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-20"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2013-5650", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "HIGH", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 6.9, "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2013-09-16T19:14Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_access_control_service:4.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_access_control_service:4.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_access_control_service:4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_access_control_service:4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-08-29T01:33Z"}

5.4 /10