Junos Pulse Secure Access IVE / UAC OS Weak Cipher Information Disclosure (JSA10628)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

According to its self-reported version, the version of IVE / UAC OS
running on the remote host is affected by an information disclosure
vulnerability due to an issue where cipher suites with weak encryption
algorithms are used even when cipher suites with strong encryption
algorithms are enabled.

See also :

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10628

Solution :

Upgrade to Juniper Junos IVE OS version 7.4r5 / 8.0r1 or later or UAC
OS version 4.4r5 / 5.0r1 or later.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Misc.

Nessus Plugin ID: 76306 ()

Bugtraq ID: 68192

CVE ID: CVE-2014-3812

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now