CVE-2014-3823

The Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r1, 7.4 before 7.4r5, and 7.1 before 7.1r18 allows remote attackers to conduct clickjacking attacks via unspecified vectors.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10647	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:r3.0::::::
	cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:r4.0::::::
	cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r9:::::::*
	cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r8:::::::*
	cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r1.1:::::::*
	cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r3:::::::*
	cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r2:::::::*
	cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r15:::::::*
	cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r14:::::::*
	cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1:::::::*
	cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:r2.0::::::
	cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r5:::::::*
	cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r12:::::::*
	cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r4:::::::*
	cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r13:::::::*
	cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r6:::::::*
	cpe:2.3:a:juniper:junos_pulse_secure_access_service:8.0:::::::*
	cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r7:::::::*
	cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:r1.0::::::
	cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r11:::::::*
	cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r10:::::::*

Information

Published : 2014-09-29 07:55

Updated : 2014-09-30 20:30

NVD link : CVE-2014-3823

Mitre link : CVE-2014-3823

JSON object : View

CWE

CWE-20

Improper Input Validation

Products Affected

juniper

junos_pulse_secure_access_service

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10647", "name": "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10647", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r1, 7.4 before 7.4r5, and 7.1 before 7.1r18 allows remote attackers to conduct clickjacking attacks via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-20"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2014-3823", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2014-09-29T14:55Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:r3.0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:r4.0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:r2.0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:r1.0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2014-10-01T03:30Z"}

4.3 /10