4.3

CVE-2013-3970

EPSS 0.19%
Veröffentlicht 13.06.2013 16:47:25
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS 7.0r2 through 7.0r8 and 7.1r1 through 7.1r5 and Junos Pulse Access Control Service (aka UAC) with UAC OS 4.1r1 through 4.1r5 include a test Certification Authority (CA) certificate in the Trusted Server CAs list, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging control over that test CA.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Juniper ≫ Junos Pulse Secure Access Service Version7.0r2

Juniper ≫ Junos Pulse Secure Access Service Version7.0r3

Juniper ≫ Junos Pulse Secure Access Service Version7.0r4

Juniper ≫ Junos Pulse Secure Access Service Version7.0r5

Juniper ≫ Junos Pulse Secure Access Service Version7.0r5.1

Juniper ≫ Junos Pulse Secure Access Service Version7.0r6

Juniper ≫ Junos Pulse Secure Access Service Version7.0r7

Juniper ≫ Junos Pulse Secure Access Service Version7.0r8

Juniper ≫ Junos Pulse Secure Access Service Version7.1r1

Juniper ≫ Junos Pulse Secure Access Service Version7.1r1.1

Juniper ≫ Junos Pulse Secure Access Service Version7.1r2

Juniper ≫ Junos Pulse Secure Access Service Version7.1r3

Juniper ≫ Junos Pulse Secure Access Service Version7.1r4

Juniper ≫ Junos Pulse Secure Access Service Version7.1r5

Juniper ≫ Junos Pulse Access Control Service Version4.1r1

Juniper ≫ Junos Pulse Access Control Service Version4.1r1.1

Juniper ≫ Junos Pulse Access Control Service Version4.1r2

Juniper ≫ Junos Pulse Access Control Service Version4.1r3

Juniper ≫ Junos Pulse Access Control Service Version4.1r4

Juniper ≫ Junos Pulse Access Control Service Version4.1r5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.19%	0.372

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

http://kb.juniper.net/JSA10571

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2013-3970

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-3970

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-3970

EUVD