Vulnerability CVE-2013-5650 - CERT Civis.Net

Vulnerability Name:

CVE-2013-5650 (CCN-87063)

Assigned:

2013-09-11

Published:

2013-09-11

Updated:

2017-08-29

Summary:

Junos Pulse Secure Access Service (IVE) 7.1 before 7.1r5, 7.2 before 7.2r10, 7.3 before 7.3r6, and 7.4 before 7.4r3 and Junos Pulse Access Control Service (UAC) 4.1 before 4.1r8.1, 4.2 before 4.2r5, 4.3 before 4.3r6 and 4.4 before 4.4r3, when a hardware SSL acceleration card is enabled, allows remote attackers to cause a denial of service (device hang) via a crafted packet.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

5.4 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:C)
4.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2013-5650

Source: CCN
Type: JSA10590
Junos Pulse Secure Access Service (IVE) and Junos Pulse Access Control Service (UAC): Crafted packet can cause denial of service

Source: OSVDB
Type: UNKNOWN
97241

Source: CCN
Type: SA54776
Juniper Junos Pulse Secure Access Service / Junos Pulse Access Control Service Denial of Service Vulnerability

Source: SECUNIA
Type: Vendor Advisory
54776

Source: CCN
Type: OSVDB ID: 97241
Juniper Junos Pulse Secure Access Service (IVE) / Access Control Service (UAC) Crafted Packet Handling Remote DoS

Source: CCN
Type: BID-62354
Juniper Networks Multiple Junos Services CVE-2013-5650 Unspecified Denial of Service Vulnerability

Source: XF
Type: UNKNOWN
juniper-junos-cve20135650-dos(87063)

Source: XF
Type: UNKNOWN
juniper-junos-cve20135650-dos(87063)

Source: CONFIRM
Type: Vendor Advisory
https://kb.juniper.net/InfoCenter/index?cmid=no&page=content&id=JSA10590

Vulnerable Configuration:

Configuration 1:

cpe:/a:juniper:junos_pulse_secure_access_service:7.1:*:*:*:*:*:*:*

OR cpe:/a:juniper:junos_pulse_secure_access_service:7.2:*:*:*:*:*:*:*

OR cpe:/a:juniper:junos_pulse_secure_access_service:7.3:*:*:*:*:*:*:*

OR cpe:/a:juniper:junos_pulse_secure_access_service:7.4:*:*:*:*:*:*:*

Configuration 2:

cpe:/a:juniper:junos_pulse_access_control_service:4.1:*:*:*:*:*:*:*

OR cpe:/a:juniper:junos_pulse_access_control_service:4.2:*:*:*:*:*:*:*

OR cpe:/a:juniper:junos_pulse_access_control_service:4.3:*:*:*:*:*:*:*

OR cpe:/a:juniper:junos_pulse_access_control_service:4.4:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:juniper:junos_pulse_access_control_service:4.1r1:*:*:*:*:*:*:*

OR cpe:/a:juniper:junos_pulse_access_control_service:4.1r1.1:*:*:*:*:*:*:*

OR cpe:/a:juniper:junos_pulse_access_control_service:4.1r2:*:*:*:*:*:*:*

OR cpe:/a:juniper:junos_pulse_access_control_service:4.1r3:*:*:*:*:*:*:*

OR cpe:/a:juniper:junos_pulse_access_control_service:4.1r4:*:*:*:*:*:*:*

OR cpe:/a:juniper:junos_pulse_access_control_service:4.1r5:*:*:*:*:*:*:*

Denotes that component is vulnerable