CVE-2014-3812

CWE-3104 documents4 sources

Severity

5.0MEDIUM

EPSS

0.2%

top 60.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper IVE OS Juniper Unified Access Control Software

Timeline

PublishedJun 13

Latest updateMay 17

Description

The Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS before 7.4r5 and 8.x before 8.0r1 and Junos Pulse Access Control Service (UAC) before 4.4r5 and 5.x before 5.0r1 enable cipher suites with weak encryption algorithms, which make it easier for remote attackers to obtain sensitive information by sniffing the network.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDjuniper/unified_access_control_software4.4, 5.0+1

▶NVDjuniper/ive_os7.4, 8.0+1

🔴Vulnerability Details

GHSA

GHSA-j6f4-5ggj-5x99: The Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS before 7↗2022-05-17

▶

CVEList

CVE-2014-3812: The Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS before 7↗2014-06-13

▶

📋Vendor Advisories

Juniper

CVE-2014-3812: The Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS before 7.4r5 and 8.x before 8.0r1 and Junos Pulse Access Control Service (↗2014-06-13

▶