Detections
Analytics
Junos Pulse Secure Access IVE / UAC OS Weak Cipher Information Disclosure (JSA10628)
medium Nessus Plugin ID 76306
Language:
Synopsis
The remote device is missing a vendor-supplied security patch.Description
According to its self-reported version, the version of IVE / UAC OS running on the remote host is affected by an information disclosure vulnerability due to an issue where cipher suites with weak encryption algorithms are used even when cipher suites with strong encryption algorithms are enabled.Solution
Upgrade to Juniper Junos IVE OS version 7.4r5 / 8.0r1 or later or UAC OS version 4.4r5 / 5.0r1 or later.See Also
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10628
Plugin Details
Severity: Medium
ID: 76306
File Name: junos_pulse_jsa10628.nasl
Version: 1.2
Type: local
Family: Misc.
Published: 6/30/2014
Updated: 7/12/2018
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.4
CVSS v2
Risk Factor: Medium
Base Score: 5
Temporal Score: 3.7
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N
Vulnerability Information
CPE: cpe:/o:juniper:ive_os, cpe:/o:juniper:unified_access_control_software, cpe:/a:juniper:junos_pulse_secure_access_service, cpe:/a:juniper:junos_pulse_access_control_service
Required KB Items: Host/Juniper/IVE OS/Version
Exploit Ease: No known exploits are available
Patch Publication Date: 9/24/2013
Vulnerability Publication Date: 6/11/2014
Reference Information
CVE: CVE-2014-3812
BID: 68192