Juniper Junos Pulse Secure Access Service IVE OS (SSL VPN) Linux Network Connect Client Local Privilege Escalation (JSA10616)

High Nessus Plugin ID 73057


The remote device is missing a vendor-supplied security patch.


According to its self-reported version, the version of Juniper Junos Pulse Secure Access Service IVE OS running on the remote host serves out a Network Connect Client, a Java-based VPN client, that is affected by a local privilege escalation vulnerability when run on Linux end-user systems.


Upgrade to Juniper Junos Pulse Secure Access Service IVE OS version 7.1r17 / 7.3r10 / 7.4r8 / 8.0r2 or later.

See Also

Plugin Details

Severity: High

ID: 73057

File Name: junos_pulse_sa_jsa10616.nasl

Version: $Revision: 1.3 $

Type: local

Family: Misc.

Published: 2014/03/17

Modified: 2014/03/26

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.2

Temporal Score: 6.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:juniper:ive_os, cpe:/a:juniper:junos_pulse_secure_access_service

Required KB Items: Host/Juniper/IVE OS/Version

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2013/12/04

Vulnerability Publication Date: 2014/03/12

Reference Information

CVE: CVE-2014-2292

BID: 66379

OSVDB: 104420