4.3

CVE-2013-3970

EPSS 0.19%
Published 13.06.2013 16:47:25
Last modified 11.04.2025 00:51:21
Source cve@mitre.org
Teams watchlist Login
Open Login

Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS 7.0r2 through 7.0r8 and 7.1r1 through 7.1r5 and Junos Pulse Access Control Service (aka UAC) with UAC OS 4.1r1 through 4.1r5 include a test Certification Authority (CA) certificate in the Trusted Server CAs list, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging control over that test CA.

Affected products Warnungen 0 Metrics 2 CWE 0 References 4

Data is provided by the National Vulnerability Database (NVD)

Juniper ≫ Junos Pulse Secure Access Service Version7.0r2

Juniper ≫ Junos Pulse Secure Access Service Version7.0r3

Juniper ≫ Junos Pulse Secure Access Service Version7.0r4

Juniper ≫ Junos Pulse Secure Access Service Version7.0r5

Juniper ≫ Junos Pulse Secure Access Service Version7.0r5.1

Juniper ≫ Junos Pulse Secure Access Service Version7.0r6

Juniper ≫ Junos Pulse Secure Access Service Version7.0r7

Juniper ≫ Junos Pulse Secure Access Service Version7.0r8

Juniper ≫ Junos Pulse Secure Access Service Version7.1r1

Juniper ≫ Junos Pulse Secure Access Service Version7.1r1.1

Juniper ≫ Junos Pulse Secure Access Service Version7.1r2

Juniper ≫ Junos Pulse Secure Access Service Version7.1r3

Juniper ≫ Junos Pulse Secure Access Service Version7.1r4

Juniper ≫ Junos Pulse Secure Access Service Version7.1r5

Juniper ≫ Junos Pulse Access Control Service Version4.1r1

Juniper ≫ Junos Pulse Access Control Service Version4.1r1.1

Juniper ≫ Junos Pulse Access Control Service Version4.1r2

Juniper ≫ Junos Pulse Access Control Service Version4.1r3

Juniper ≫ Junos Pulse Access Control Service Version4.1r4

Juniper ≫ Junos Pulse Access Control Service Version4.1r5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.19%	0.372

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

http://kb.juniper.net/JSA10571

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2013-3970

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-3970

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-3970

EUVD