Vulnerability Name:

CVE-2014-3812 (CCN-93947)

Assigned:2014-06-11
Published:2014-06-11
Updated:2014-06-16
Summary:The Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS before 7.4r5 and 8.x before 8.0r1 and Junos Pulse Access Control Service (UAC) before 4.4r5 and 5.x before 5.0r1 enable cipher suites with weak encryption algorithms, which make it easier for remote attackers to obtain sensitive information by sniffing the network.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
Vulnerability Type:CWE-310
Vulnerability Consequences:Obtain Information
References:Source: MITRE
Type: CNA
CVE-2014-3812

Source: CCN
Type: Juniper Networks Security Bulletin JSA10628
Junos Pulse Secure Access Service (SSL VPN) and Junos Pulse Access Control Service (UAC): Weak SSL cipher allowed unexpectedly when higher level cipher group is configured (CVE-2014-3812)

Source: CONFIRM
Type: Vendor Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10628

Source: CCN
Type: BID-68192
Multiple Juniper Junos Products Ciphersuite Specification Information Disclosure Weakness

Source: XF
Type: UNKNOWN
juniper-junos-cve20143812-info-disc(93947)

Vulnerable Configuration:Configuration 1:
  • cpe:/o:juniper:ive_os:7.4:*:*:*:*:*:*:*
  • OR cpe:/o:juniper:ive_os:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:juniper:unified_access_control_software:4.4:*:*:*:*:*:*:*
  • OR cpe:/o:juniper:unified_access_control_software:5.0:*:*:*:*:*:*:*
  • AND
  • cpe:/h:juniper:fips_infranet_controller_6500:-:*:*:*:*:*:*:*
  • OR cpe:/h:juniper:fips_secure_access_4000:-:*:*:*:*:*:*:*
  • OR cpe:/h:juniper:fips_secure_access_4500:-:*:*:*:*:*:*:*
  • OR cpe:/h:juniper:fips_secure_access_6000:-:*:*:*:*:*:*:*
  • OR cpe:/h:juniper:fips_secure_access_6500:-:*:*:*:*:*:*:*
  • OR cpe:/h:juniper:infranet_controller_4000:-:*:*:*:*:*:*:*
  • OR cpe:/h:juniper:infranet_controller_4500:-:*:*:*:*:*:*:*
  • OR cpe:/h:juniper:infranet_controller_6000:-:*:*:*:*:*:*:*
  • OR cpe:/h:juniper:infranet_controller_6500:-:*:*:*:*:*:*:*
  • OR cpe:/h:juniper:mag2600_gateway:-:*:*:*:*:*:*:*
  • OR cpe:/h:juniper:mag4610_gateway:-:*:*:*:*:*:*:*
  • OR cpe:/h:juniper:mag6610_gateway:-:*:*:*:*:*:*:*
  • OR cpe:/h:juniper:mag6611_gateway:-:*:*:*:*:*:*:*
  • OR cpe:/h:juniper:secure_access_2500:-:*:*:*:*:*:*:*
  • OR cpe:/h:juniper:secure_access_4500:-:*:*:*:*:*:*:*
  • OR cpe:/h:juniper:secure_access_700:-:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:juniper:unified_access_control_software:5.0:*:*:*:*:*:*:*
  • OR cpe:/o:juniper:unified_access_control_software:4.4:*:*:*:*:*:*:*
  • OR cpe:/o:juniper:ive_os:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:juniper:ive_os:7.4:*:*:*:*:*:*:*
  • OR cpe:/h:juniper:fips_infranet_controller_6500:-:*:*:*:*:*:*:*
  • OR cpe:/h:juniper:infranet_controller_6500:-:*:*:*:*:*:*:*
  • OR cpe:/h:juniper:infranet_controller_6000:-:*:*:*:*:*:*:*
  • OR cpe:/h:juniper:infranet_controller_4500:-:*:*:*:*:*:*:*
  • OR cpe:/h:juniper:infranet_controller_4000:-:*:*:*:*:*:*:*
  • OR cpe:/h:juniper:secure_access_700:-:*:*:*:*:*:*:*
  • OR cpe:/h:juniper:secure_access_2500:-:*:*:*:*:*:*:*
  • OR cpe:/h:juniper:fips_secure_access_4000:-:*:*:*:*:*:*:*
  • OR cpe:/h:juniper:secure_access_4500:-:*:*:*:*:*:*:*
  • OR cpe:/h:juniper:fips_secure_access_4500:-:*:*:*:*:*:*:*
  • OR cpe:/h:juniper:fips_secure_access_6000:-:*:*:*:*:*:*:*
  • OR cpe:/h:juniper:fips_secure_access_6500:-:*:*:*:*:*:*:*
  • OR cpe:/h:juniper:mag2600_gateway:-:*:*:*:*:*:*:*
  • OR cpe:/h:juniper:mag4610_gateway:-:*:*:*:*:*:*:*
  • OR cpe:/h:juniper:mag6610_gateway:-:*:*:*:*:*:*:*
  • OR cpe:/h:juniper:mag6611_gateway:-:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    juniper ive os 7.4
    juniper ive os 8.0
    juniper unified access control software 4.4
    juniper unified access control software 5.0
    juniper fips infranet controller 6500 -
    juniper fips secure access 4000 -
    juniper fips secure access 4500 -
    juniper fips secure access 6000 -
    juniper fips secure access 6500 -
    juniper infranet controller 4000 -
    juniper infranet controller 4500 -
    juniper infranet controller 6000 -
    juniper infranet controller 6500 -
    juniper mag2600 gateway -
    juniper mag4610 gateway -
    juniper mag6610 gateway -
    juniper mag6611 gateway -
    juniper secure access 2500 -
    juniper secure access 4500 -
    juniper secure access 700 -
    juniper unified access control software 5.0
    juniper unified access control software 4.4
    juniper ive os 8.0
    juniper ive os 7.4
    juniper fips infranet controller 6500 -
    juniper infranet controller 6500 -
    juniper infranet controller 6000 -
    juniper infranet controller 4500 -
    juniper infranet controller 4000 -
    juniper secure access 700 -
    juniper secure access 2500 -
    juniper fips secure access 4000 -
    juniper secure access 4500 -
    juniper fips secure access 4500 -
    juniper fips secure access 6000 -
    juniper fips secure access 6500 -
    juniper mag2600 gateway -
    juniper mag4610 gateway -
    juniper mag6610 gateway -
    juniper mag6611 gateway -