CVE-2015-5369

CWE-17CWE-20 — Improper Input Validation4 documents4 sources
Severity
4.3MEDIUM
EPSS
0.4%
top 40.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Juniper Pulse Connect Secure
Timeline
PublishedAug 11
Latest updateMay 17

Description

Pulse Connect Secure (aka PCS and formerly Juniper PCS) PSC6000, PCS6500, and MAG PSC360 8.1 before 8.1r5, 8.0 before 8.0r13, 7.4 before 7.4r13.5, and 7.1 before 7.1r22.2 and PPS 5.1 before 5.1R5 and 5.0 before 5.0R13, when Hardware Acceleration is enabled, does not properly validate the Finished TLS handshake message, which makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted Finished message.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

â–¶NVDjuniper/pulse_connect_secure5 versions+4

🔴Vulnerability Details

2
GHSA
GHSA-26rc-pv36-f3pg: Pulse Connect Secure (aka PCS and formerly Juniper PCS) PSC6000, PCS6500, and MAG PSC360 8↗2022-05-17
â–¶
CVEList
CVE-2015-5369: Pulse Connect Secure (aka PCS and formerly Juniper PCS) PSC6000, PCS6500, and MAG PSC360 8↗2015-08-11
â–¶

📋Vendor Advisories

1
Juniper
CVE-2015-5369: Pulse Connect Secure (aka PCS and formerly Juniper PCS) PSC6000, PCS6500, and MAG PSC360 8.1 before 8.1r5, 8.0 before 8.0r13, 7.4 before 7.4r13.5, and↗2015-08-11
â–¶
CVE-2015-5369 (MEDIUM CVSS 4.3) | Pulse Connect Secure (aka PCS and f | cvebase.io