PT-2014-5519 · Juniper Networks · Junos Pulse Secure Access Service+1
Published
2014-06-13
·
Updated
2014-06-16
·
CVE-2014-3812
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Juniper Junos Pulse Secure Access Service (SSL VPN) versions prior to 7.4r5
Juniper Junos Pulse Secure Access Service (SSL VPN) versions 8.x prior to 8.0r1
Juniper Junos Pulse Access Control Service (UAC) versions prior to 4.4r5
Juniper Junos Pulse Access Control Service (UAC) versions 5.x prior to 5.0r1
Description
The issue allows remote attackers to obtain sensitive information by sniffing the network, due to the use of weak encryption algorithms in enabled cipher suites.
Recommendations
For Juniper Junos Pulse Secure Access Service (SSL VPN) versions prior to 7.4r5, update to version 7.4r5 or later.
For Juniper Junos Pulse Secure Access Service (SSL VPN) versions 8.x prior to 8.0r1, update to version 8.0r1 or later.
For Juniper Junos Pulse Access Control Service (UAC) versions prior to 4.4r5, update to version 4.4r5 or later.
For Juniper Junos Pulse Access Control Service (UAC) versions 5.x prior to 5.0r1, update to version 5.0r1 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Junos Pulse Access Control Service
Junos Pulse Secure Access Service