CVE-2013-3970
Severity Score
4.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS 7.0r2 through 7.0r8 and 7.1r1 through 7.1r5 and Junos Pulse Access Control Service (aka UAC) with UAC OS 4.1r1 through 4.1r5 include a test Certification Authority (CA) certificate in the Trusted Server CAs list, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging control over that test CA.
Juniper Junos Pulse Secure Access Service (también conocido como SSL VPN) con IVE OS v7.0r2 hasta v7.0r8 y v7.1r1 hasta v7.1r5 y Junos Pulse Access Control Service (también conocido como UAC) con UAC OS v4.1r1 hasta v4.1r5 incluyen un certificado de prueba en la lista Trusted Server CAs, que hace más fácil a atacantes man-in-the-middle burlar servidores SSL aprovechando el control de esa prueba CA.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2013-06-06 CVE Reserved
- 2013-06-13 CVE Published
- 2024-04-25 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-310: Cryptographic Issues
CAPEC
References (1)
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Juniper Search vendor "Juniper" | Junos Pulse Secure Access Service Search vendor "Juniper" for product "Junos Pulse Secure Access Service" | 7.0r2 Search vendor "Juniper" for product "Junos Pulse Secure Access Service" and version "7.0r2" | - |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Pulse Secure Access Service Search vendor "Juniper" for product "Junos Pulse Secure Access Service" | 7.0r3 Search vendor "Juniper" for product "Junos Pulse Secure Access Service" and version "7.0r3" | - |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Pulse Secure Access Service Search vendor "Juniper" for product "Junos Pulse Secure Access Service" | 7.0r4 Search vendor "Juniper" for product "Junos Pulse Secure Access Service" and version "7.0r4" | - |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Pulse Secure Access Service Search vendor "Juniper" for product "Junos Pulse Secure Access Service" | 7.0r5 Search vendor "Juniper" for product "Junos Pulse Secure Access Service" and version "7.0r5" | - |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Pulse Secure Access Service Search vendor "Juniper" for product "Junos Pulse Secure Access Service" | 7.0r5.1 Search vendor "Juniper" for product "Junos Pulse Secure Access Service" and version "7.0r5.1" | - |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Pulse Secure Access Service Search vendor "Juniper" for product "Junos Pulse Secure Access Service" | 7.0r6 Search vendor "Juniper" for product "Junos Pulse Secure Access Service" and version "7.0r6" | - |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Pulse Secure Access Service Search vendor "Juniper" for product "Junos Pulse Secure Access Service" | 7.0r7 Search vendor "Juniper" for product "Junos Pulse Secure Access Service" and version "7.0r7" | - |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Pulse Secure Access Service Search vendor "Juniper" for product "Junos Pulse Secure Access Service" | 7.0r8 Search vendor "Juniper" for product "Junos Pulse Secure Access Service" and version "7.0r8" | - |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Pulse Secure Access Service Search vendor "Juniper" for product "Junos Pulse Secure Access Service" | 7.1r1 Search vendor "Juniper" for product "Junos Pulse Secure Access Service" and version "7.1r1" | - |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Pulse Secure Access Service Search vendor "Juniper" for product "Junos Pulse Secure Access Service" | 7.1r1.1 Search vendor "Juniper" for product "Junos Pulse Secure Access Service" and version "7.1r1.1" | - |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Pulse Secure Access Service Search vendor "Juniper" for product "Junos Pulse Secure Access Service" | 7.1r2 Search vendor "Juniper" for product "Junos Pulse Secure Access Service" and version "7.1r2" | - |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Pulse Secure Access Service Search vendor "Juniper" for product "Junos Pulse Secure Access Service" | 7.1r3 Search vendor "Juniper" for product "Junos Pulse Secure Access Service" and version "7.1r3" | - |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Pulse Secure Access Service Search vendor "Juniper" for product "Junos Pulse Secure Access Service" | 7.1r4 Search vendor "Juniper" for product "Junos Pulse Secure Access Service" and version "7.1r4" | - |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Pulse Secure Access Service Search vendor "Juniper" for product "Junos Pulse Secure Access Service" | 7.1r5 Search vendor "Juniper" for product "Junos Pulse Secure Access Service" and version "7.1r5" | - |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Pulse Access Control Service Search vendor "Juniper" for product "Junos Pulse Access Control Service" | 4.1r1 Search vendor "Juniper" for product "Junos Pulse Access Control Service" and version "4.1r1" | - |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Pulse Access Control Service Search vendor "Juniper" for product "Junos Pulse Access Control Service" | 4.1r1.1 Search vendor "Juniper" for product "Junos Pulse Access Control Service" and version "4.1r1.1" | - |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Pulse Access Control Service Search vendor "Juniper" for product "Junos Pulse Access Control Service" | 4.1r2 Search vendor "Juniper" for product "Junos Pulse Access Control Service" and version "4.1r2" | - |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Pulse Access Control Service Search vendor "Juniper" for product "Junos Pulse Access Control Service" | 4.1r3 Search vendor "Juniper" for product "Junos Pulse Access Control Service" and version "4.1r3" | - |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Pulse Access Control Service Search vendor "Juniper" for product "Junos Pulse Access Control Service" | 4.1r4 Search vendor "Juniper" for product "Junos Pulse Access Control Service" and version "4.1r4" | - |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Pulse Access Control Service Search vendor "Juniper" for product "Junos Pulse Access Control Service" | 4.1r5 Search vendor "Juniper" for product "Junos Pulse Access Control Service" and version "4.1r5" | - |
Affected
| ||||||