PT-2014-1958 · Juniper Networks · Junos Pulse Secure Access Service

Published

2014-09-29

Updated

2014-10-01

CVE-2014-3823

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Junos Pulse Secure Access Service (SSL VPN) versions prior to 8.0r1 Junos Pulse Secure Access Service (SSL VPN) versions 7.4 before 7.4r5 Junos Pulse Secure Access Service (SSL VPN) versions 7.1 before 7.1r18

Description The issue allows remote attackers to conduct clickjacking attacks via unspecified vectors. This could potentially lead to unauthorized actions being performed on behalf of the user.

Recommendations For versions prior to 8.0r1, update to version 8.0r1 or later. For versions 7.4 before 7.4r5, update to version 7.4r5 or later. For versions 7.1 before 7.1r18, update to version 7.1r18 or later.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2015-10414

CVE-2014-3823

Affected Products

Junos Pulse Secure Access Service

PT-2014-1958 · Juniper Networks · Junos Pulse Secure Access Service

CVE-2014-3823

Weakness Enumeration

Related Identifiers

Affected Products

References · 5