CVE-2013-3970

{"id": "CVE-2013-3970", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-06-13T16:47:25.930", "references": [{"url": "http://kb.juniper.net/JSA10571", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-310"}]}], "descriptions": [{"lang": "en", "value": "Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS 7.0r2 through 7.0r8 and 7.1r1 through 7.1r5 and Junos Pulse Access Control Service (aka UAC) with UAC OS 4.1r1 through 4.1r5 include a test Certification Authority (CA) certificate in the Trusted Server CAs list, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging control over that test CA."}, {"lang": "es", "value": "Juniper Junos Pulse Secure Access Service (tambi\u00e9n conocido como SSL VPN) con IVE OS v7.0r2 hasta v7.0r8 y v7.1r1 hasta v7.1r5 y Junos Pulse Access Control Service (tambi\u00e9n conocido como UAC) con UAC OS v4.1r1 hasta v4.1r5 incluyen un certificado de prueba en la lista Trusted Server CAs, que hace m\u00e1s f\u00e1cil a atacantes man-in-the-middle burlar servidores SSL aprovechando el control de esa prueba CA."}], "lastModified": "2013-06-13T17:47:42.580", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.0r2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5E19EA42-FAC3-45BD-B11E-23CBEC70505F"}, {"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.0r3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "204456AA-7A87-4317-96B2-0F8E28DC8B4A"}, {"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.0r4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CAAE61E0-EC1D-4F74-BACB-E63C9778BA66"}, {"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.0r5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "247464D3-8B16-4140-980A-028E600E08B3"}, {"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.0r5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3BE7A6A9-4655-4B86-A6CB-F871FC6A7631"}, {"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.0r6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07743F02-BFB0-405F-8144-270658D1C113"}, {"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.0r7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA8C8BD0-1BD5-4C10-991B-AD953FEC0A92"}, {"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.0r8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80B5DF49-2C11-42E4-8472-92526C5F1EFF"}, {"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "47A21AF8-2618-4C7F-B250-BEDBBE9BE7F9"}, {"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6386D17E-158E-4F5E-B0C7-7719D0020CBF"}, {"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F3C2B970-9EF2-40CE-86B4-B3FF8F788BC6"}, {"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B3A469E-C3EA-4A34-BCAB-CA18DFB245C4"}, {"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "601BEBCC-F133-40FB-A1B8-599889D05480"}, {"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5DFCB2A6-FFF0-4108-B587-C27FB96FD75A"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:juniper:junos_pulse_access_control_service:4.1r1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42FFCBD4-D611-40FB-9EC0-FD7514D3E4D9"}, {"criteria": "cpe:2.3:a:juniper:junos_pulse_access_control_service:4.1r1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9ECFCA72-04D6-441D-9167-F549293C26A4"}, {"criteria": "cpe:2.3:a:juniper:junos_pulse_access_control_service:4.1r2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "538BDA70-3F06-4AAE-9ACA-DF4C776DE19E"}, {"criteria": "cpe:2.3:a:juniper:junos_pulse_access_control_service:4.1r3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D5EBC04E-16D9-4DC0-B0A9-A99527B5FA11"}, {"criteria": "cpe:2.3:a:juniper:junos_pulse_access_control_service:4.1r4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C21197A5-8BDA-4FDB-9AC3-703715AA4F52"}, {"criteria": "cpe:2.3:a:juniper:junos_pulse_access_control_service:4.1r5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C00A34F-1E90-4E81-AFDE-02A1D059A24C"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}