← Back

CVE-2013-3970

nvd nist
Published: Jun 13, 2013Modified: Apr 29, 2026

JSON object

Loading...
4.3
Vector
AV:N/AC:M/Au:N/C:N/I:P/A:N
Exploitability: 8.6 / Impact: 2.9
Source: NVD

Description

Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS 7.0r2 through 7.0r8 and 7.1r1 through 7.1r5 and Junos Pulse Access Control Service (aka UAC) with UAC OS 4.1r1 through 4.1r5 include a test Certification Authority (CA) certificate in the Trusted Server CAs list, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging control over that test CA.

Affected (20)

Juniper
2 products
Junos Pulse Secure Access Service
Junos Pulse Access Control Service
Configuration A
14 vulnerable
Vulnerable SoftwareAffected Versions
Juniper
Junos Pulse Secure Access Service
Version 7.0r2
Junos Pulse Secure Access Service
Version 7.0r3
Junos Pulse Secure Access Service
Version 7.0r4
Junos Pulse Secure Access Service
Version 7.0r5.1
Junos Pulse Secure Access Service
Version 7.0r5
Junos Pulse Secure Access Service
Version 7.0r6
Junos Pulse Secure Access Service
Version 7.0r7
Junos Pulse Secure Access Service
Version 7.0r8
Junos Pulse Secure Access Service
Version 7.1r1.1
Junos Pulse Secure Access Service
Version 7.1r1
Junos Pulse Secure Access Service
Version 7.1r2
Junos Pulse Secure Access Service
Version 7.1r3
Junos Pulse Secure Access Service
Version 7.1r4
Junos Pulse Secure Access Service
Version 7.1r5
Configuration B
6 vulnerable
Vulnerable SoftwareAffected Versions
Juniper
Junos Pulse Access Control Service
Version 4.1r1.1
Junos Pulse Access Control Service
Version 4.1r1
Junos Pulse Access Control Service
Version 4.1r2
Junos Pulse Access Control Service
Version 4.1r3
Junos Pulse Access Control Service
Version 4.1r4
Junos Pulse Access Control Service
Version 4.1r5

Related CWEs

CWE-310
CWE-310

References (2)

Source: cve@mitre.org
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.