PT-2013-4766 · Juniper Networks · Junos Pulse Access Control Service, Junos Pulse Secure Access Service
Published: 2013-06-13 · Updated: 2013-06-13 · CVE-2013-3970
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Juniper Junos Pulse Secure Access Service (aka SSL VPN) versions 7.0r2 through 7.0r8
Juniper Junos Pulse Secure Access Service (aka SSL VPN) versions 7.1r1 through 7.1r5
Juniper Junos Pulse Access Control Service (aka UAC) versions 4.1r1 through 4.1r5
Description
The issue allows man-in-the-middle attackers to spoof SSL servers by leveraging control over a test Certification Authority (CA) certificate included in the Trusted Server CAs list.
Recommendations
For Juniper Junos Pulse Secure Access Service (aka SSL VPN) versions 7.0r2 through 7.0r8, remove the test Certification Authority (CA) certificate from the Trusted Server CAs list.
For Juniper Junos Pulse Secure Access Service (aka SSL VPN) versions 7.1r1 through 7.1r5, remove the test Certification Authority (CA) certificate from the Trusted Server CAs list.
For Juniper Junos Pulse Access Control Service (aka UAC) versions 4.1r1 through 4.1r5, remove the test Certification Authority (CA) certificate from the Trusted Server CAs list.
Affected Products
Junos Pulse Access Control Service
Junos Pulse Secure Access Service