CVE-2013-5650

Junos Pulse Secure Access Service (IVE) 7.1 before 7.1r5, 7.2 before 7.2r10, 7.3 before 7.3r6, and 7.4 before 7.4r3 and Junos Pulse Access Control Service (UAC) 4.1 before 4.1r8.1, 4.2 before 4.2r5, 4.3 before 4.3r6 and 4.4 before 4.4r3, when a hardware SSL acceleration card is enabled, allows remote attackers to cause a denial of service (device hang) via a crafted packet.

CVSS v2.0 5.4 MEDIUM

5.4^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:H/Au:N/C:N/I:N/A:C

Exploitability : 4.9 / Impact : 6.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://osvdb.org/97241
http://secunia.com/advisories/54776	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/87063
https://kb.juniper.net/InfoCenter/index?cmid=no&page=content&id=JSA10590	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1:::::::*
	cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.2:::::::*
	cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.3:::::::*
	cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:juniper:junos_pulse_access_control_service:4.1:::::::*
	cpe:2.3:a:juniper:junos_pulse_access_control_service:4.2:::::::*
	cpe:2.3:a:juniper:junos_pulse_access_control_service:4.3:::::::*
	cpe:2.3:a:juniper:junos_pulse_access_control_service:4.4:::::::*

History

No history.

Information

Published : 2013-09-16 19:14

Updated : 2023-12-10 11:16

NVD link : CVE-2013-5650

Mitre link : CVE-2013-5650

CVE.ORG link : CVE-2013-5650

JSON object : View

Products Affected

juniper

junos_pulse_access_control_service
junos_pulse_secure_access_service

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2013-5650", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "HIGH", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-09-16T19:14:39.367", "references": [{"url": "http://osvdb.org/97241", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/54776", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87063", "source": "cve@mitre.org"}, {"url": "https://kb.juniper.net/InfoCenter/index?cmid=no&page=content&id=JSA10590", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Junos Pulse Secure Access Service (IVE) 7.1 before 7.1r5, 7.2 before 7.2r10, 7.3 before 7.3r6, and 7.4 before 7.4r3 and Junos Pulse Access Control Service (UAC) 4.1 before 4.1r8.1, 4.2 before 4.2r5, 4.3 before 4.3r6 and 4.4 before 4.4r3, when a hardware SSL acceleration card is enabled, allows remote attackers to cause a denial of service (device hang) via a crafted packet."}, {"lang": "es", "value": "Junos Pulse Secure Access Service (IVE) 7.1 anterior a 7.1r5, 7.2 anterior a 7.2r10, 7.3 anterior a 7.3r6, and 7.4 anterior a 7.4r3 y Junos Pulse Access Control Service (UAC) 4.1 anterior a 4.1r8.1, 4.2 anterior a 4.2r5, 4.3 anterior a 4.3r6 y 4.4 anterior a 4.4r3, cuando una tarjeta hardware de aceleraci\u00f3n SSL esta habilitada, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (cuelgue del dispositivo) a trav\u00e9s de un paquete manipulado."}], "lastModified": "2017-08-29T01:33:50.090", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE0C8957-0870-4070-AAD3-720EE46311EA"}, {"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B131A79C-9F00-4205-906A-1C6FFF968399"}, {"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D4CB3318-20E0-4D84-B95D-50F2DDB7CB56"}, {"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2CA1CB31-3514-480E-ADD0-B8415B379754"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:juniper:junos_pulse_access_control_service:4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E19A150B-30A6-4C86-86EE-DD010C707607"}, {"criteria": "cpe:2.3:a:juniper:junos_pulse_access_control_service:4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F94EE9B9-1CE6-401B-80F7-9EC080BD7B74"}, {"criteria": "cpe:2.3:a:juniper:junos_pulse_access_control_service:4.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D8A5CD74-9A06-45E2-9C5B-DDA2E3D7EE53"}, {"criteria": "cpe:2.3:a:juniper:junos_pulse_access_control_service:4.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1539B994-2F09-43E8-9854-4A41585F0513"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}