Juniper Junos Pulse Secure Access Service IVE OS (SSL VPN) Linux Network Connect Client Local Privilege Escalation (JSA10616)

High Nessus Plugin ID 73057

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

According to its self-reported version, the version of Juniper Junos Pulse Secure Access Service IVE OS running on the remote host serves out a Network Connect Client, a Java-based VPN client, that is affected by a local privilege escalation vulnerability when run on Linux end-user systems.

Solution

Upgrade to Juniper Junos Pulse Secure Access Service IVE OS version 7.1r17 / 7.3r10 / 7.4r8 / 8.0r2 or later.

See Also

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10616

Plugin Details

Severity: High

ID: 73057

File Name: junos_pulse_sa_jsa10616.nasl

Version: 1.4

Type: local

Family: Misc.

Published: 2014/03/17

Updated: 2018/07/12

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.2

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:juniper:ive_os, cpe:/a:juniper:junos_pulse_secure_access_service

Required KB Items: Host/Juniper/IVE OS/Version

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2013/12/04

Vulnerability Publication Date: 2014/03/12

Reference Information

CVE: CVE-2014-2292

BID: 66379