cvelistv5 - cve-2014-3823

CVE-2014-3823 (GCVE-0-2014-3823)

Vulnerability from cvelistv5 – Published: 2014-09-29 14:00 – Updated: 2024-08-06 10:57

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

https://kb.juniper.net/InfoCenter/index?page=cont…

x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:57:17.223Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10647"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-09-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r1, 7.4 before 7.4r5, and 7.1 before 7.1r18 allows remote attackers to conduct clickjacking attacks via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-09-29T11:57:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10647"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-3823",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r1, 7.4 before 7.4r5, and 7.1 before 7.1r18 allows remote attackers to conduct clickjacking attacks via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10647",
              "refsource": "CONFIRM",
              "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10647"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-3823",
    "datePublished": "2014-09-29T14:00:00",
    "dateReserved": "2014-05-21T00:00:00",
    "dateUpdated": "2024-08-06T10:57:17.223Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DE0C8957-0870-4070-AAD3-720EE46311EA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6386D17E-158E-4F5E-B0C7-7719D0020CBF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F3C2B970-9EF2-40CE-86B4-B3FF8F788BC6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7B3A469E-C3EA-4A34-BCAB-CA18DFB245C4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"601BEBCC-F133-40FB-A1B8-599889D05480\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5DFCB2A6-FFF0-4108-B587-C27FB96FD75A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A381B35A-750E-4E70-99DA-25C4837C9DDC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4D2E937F-6235-4040-ADAF-884304C7D65C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F3921140-1DDB-416E-9DC6-BB097C339A36\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"36F6EE11-D19C-43DD-AFB8-D8AE60B5692F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"810ABC69-F219-4060-A50E-5A9D531BF26A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"48CE0C3C-6E83-47DD-8FB0-45CA7C3B343B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0EF9BD90-90D8-4617-8BB7-9AA7FFCC1160\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EBA1D6B0-E878-4364-83C5-FB6FB7C6B93E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r14:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BCD9F89E-5AFB-4B80-B615-6E4720FA8A57\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r15:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"134E62A7-0E1E-453B-AE43-EFF7BA700658\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:r1.0:*:*:*:*:*:*\", \"matchCriteriaId\": \"C503F416-17B4-45DA-9E36-9A8B14C2DEC4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:r2.0:*:*:*:*:*:*\", \"matchCriteriaId\": \"ECDD185D-A088-43A4-B4DE-599D22F1642C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:r3.0:*:*:*:*:*:*\", \"matchCriteriaId\": \"49B32A49-885E-4C3D-8362-1E48B04F1FDE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:r4.0:*:*:*:*:*:*\", \"matchCriteriaId\": \"5B149DA0-3128-499D-969A-3231B682D25C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_secure_access_service:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B390A8A0-D317-4EDE-9B1F-2CC53DC72C06\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r1, 7.4 before 7.4r5, and 7.1 before 7.1r18 allows remote attackers to conduct clickjacking attacks via unspecified vectors.\"}, {\"lang\": \"es\", \"value\": \"Los dispositivos Juniper Junos Pulse Secure Access Service (SSL VPN) con IVE OS 8.0 anterior a 8.0r1, 7.4 anterior a 7.4r5, y 7.1 anterior a 7.1r18 permiten a atacantes remotos realizar ataques de clickjacking a trav\\u00e9s de vectores no especificados.\"}]",
      "id": "CVE-2014-3823",
      "lastModified": "2024-11-21T02:08:55.693",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2014-09-29T14:55:08.767",
      "references": "[{\"url\": \"https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10647\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10647\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2014-3823\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2014-09-29T14:55:08.767\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r1, 7.4 before 7.4r5, and 7.1 before 7.1r18 allows remote attackers to conduct clickjacking attacks via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"Los dispositivos Juniper Junos Pulse Secure Access Service (SSL VPN) con IVE OS 8.0 anterior a 8.0r1, 7.4 anterior a 7.4r5, y 7.1 anterior a 7.1r18 permiten a atacantes remotos realizar ataques de clickjacking a trav\u00e9s de vectores no especificados.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE0C8957-0870-4070-AAD3-720EE46311EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6386D17E-158E-4F5E-B0C7-7719D0020CBF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3C2B970-9EF2-40CE-86B4-B3FF8F788BC6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B3A469E-C3EA-4A34-BCAB-CA18DFB245C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"601BEBCC-F133-40FB-A1B8-599889D05480\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5DFCB2A6-FFF0-4108-B587-C27FB96FD75A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A381B35A-750E-4E70-99DA-25C4837C9DDC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D2E937F-6235-4040-ADAF-884304C7D65C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3921140-1DDB-416E-9DC6-BB097C339A36\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36F6EE11-D19C-43DD-AFB8-D8AE60B5692F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"810ABC69-F219-4060-A50E-5A9D531BF26A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48CE0C3C-6E83-47DD-8FB0-45CA7C3B343B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0EF9BD90-90D8-4617-8BB7-9AA7FFCC1160\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EBA1D6B0-E878-4364-83C5-FB6FB7C6B93E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BCD9F89E-5AFB-4B80-B615-6E4720FA8A57\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"134E62A7-0E1E-453B-AE43-EFF7BA700658\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:r1.0:*:*:*:*:*:*\",\"matchCriteriaId\":\"C503F416-17B4-45DA-9E36-9A8B14C2DEC4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:r2.0:*:*:*:*:*:*\",\"matchCriteriaId\":\"ECDD185D-A088-43A4-B4DE-599D22F1642C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:r3.0:*:*:*:*:*:*\",\"matchCriteriaId\":\"49B32A49-885E-4C3D-8362-1E48B04F1FDE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:r4.0:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B149DA0-3128-499D-969A-3231B682D25C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_secure_access_service:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B390A8A0-D317-4EDE-9B1F-2CC53DC72C06\"}]}]}],\"references\":[{\"url\":\"https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10647\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10647\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CERTFR-2014-AVI-387

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits Juniper. Elles permettent à un attaquant de provoquer une élévation de privilèges et une injection de code indirecte à distance (XSS).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	Juniper SA4000
N/A	N/A	Juniper SA2000
N/A	N/A	Juniper MAG4610
N/A	N/A	Juniper SA4500
N/A	N/A	Juniper IC6500
N/A	N/A	Juniper MAG2600
N/A	N/A	Juniper FIPS SA6500
N/A	N/A	Juniper SA2500
N/A	N/A	Juniper IC6000
N/A	N/A	Juniper MAG6610
N/A	N/A	Juniper IC4500
N/A	N/A	Juniper FIPS SA6000
N/A	N/A	Juniper FIPS SA4500
N/A	N/A	Juniper MAG6611
N/A	N/A	Juniper FIPS IC6500
N/A	N/A	Juniper IC4000
N/A	N/A	Juniper FIPS SA4000
N/A	N/A	Juniper SA6000
N/A	N/A	Juniper SA6500
N/A	N/A	Juniper SA700

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA10646 du 10 septembre 2014	None	vendor-advisory
Bulletin de sécurité Juniper JSA10647 du 10 septembre 2014	None	vendor-advisory
Bulletin de sécurité Juniper JSA10644 du 10 septembre 2014	None	vendor-advisory
Bulletin de sécurité Juniper JSA10645 du 10 septembre 2014	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Juniper SA4000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper SA2000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper MAG4610",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper SA4500",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper IC6500",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper MAG2600",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper FIPS SA6500",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper SA2500",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper IC6000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper MAG6610",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper IC4500",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper FIPS SA6000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper FIPS SA4500",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper MAG6611",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper FIPS IC6500",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper IC4000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper FIPS SA4000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper SA6000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper SA6500",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper SA700",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-3823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3823"
    },
    {
      "name": "CVE-2014-3824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3824"
    },
    {
      "name": "CVE-2014-3820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3820"
    },
    {
      "name": "CVE-2014-3811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3811"
    }
  ],
  "links": [],
  "reference": "CERTFR-2014-AVI-387",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2014-09-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eJuniper\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une \u00e9l\u00e9vation de privil\u00e8ges et une injection de code indirecte\n\u00e0 distance (XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10646 du 10 septembre 2014",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10646\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10647 du 10 septembre 2014",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10647\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10644 du 10 septembre 2014",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10644\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10645 du 10 septembre 2014",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10645\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ]
}

CERTFR-2014-AVI-387

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	Juniper SA4000
N/A	N/A	Juniper SA2000
N/A	N/A	Juniper MAG4610
N/A	N/A	Juniper SA4500
N/A	N/A	Juniper IC6500
N/A	N/A	Juniper MAG2600
N/A	N/A	Juniper FIPS SA6500
N/A	N/A	Juniper SA2500
N/A	N/A	Juniper IC6000
N/A	N/A	Juniper MAG6610
N/A	N/A	Juniper IC4500
N/A	N/A	Juniper FIPS SA6000
N/A	N/A	Juniper FIPS SA4500
N/A	N/A	Juniper MAG6611
N/A	N/A	Juniper FIPS IC6500
N/A	N/A	Juniper IC4000
N/A	N/A	Juniper FIPS SA4000
N/A	N/A	Juniper SA6000
N/A	N/A	Juniper SA6500
N/A	N/A	Juniper SA700

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA10646 du 10 septembre 2014	None	vendor-advisory
Bulletin de sécurité Juniper JSA10647 du 10 septembre 2014	None	vendor-advisory
Bulletin de sécurité Juniper JSA10644 du 10 septembre 2014	None	vendor-advisory
Bulletin de sécurité Juniper JSA10645 du 10 septembre 2014	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Juniper SA4000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper SA2000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper MAG4610",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper SA4500",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper IC6500",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper MAG2600",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper FIPS SA6500",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper SA2500",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper IC6000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper MAG6610",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper IC4500",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper FIPS SA6000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper FIPS SA4500",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper MAG6611",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper FIPS IC6500",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper IC4000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper FIPS SA4000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper SA6000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper SA6500",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper SA700",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-3823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3823"
    },
    {
      "name": "CVE-2014-3824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3824"
    },
    {
      "name": "CVE-2014-3820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3820"
    },
    {
      "name": "CVE-2014-3811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3811"
    }
  ],
  "links": [],
  "reference": "CERTFR-2014-AVI-387",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2014-09-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eJuniper\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une \u00e9l\u00e9vation de privil\u00e8ges et une injection de code indirecte\n\u00e0 distance (XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10646 du 10 septembre 2014",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10646\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10647 du 10 septembre 2014",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10647\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10644 du 10 septembre 2014",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10644\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10645 du 10 septembre 2014",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10645\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ]
}

GHSA-X6PP-J24V-837C

Vulnerability from github – Published: 2022-05-17 04:32 – Updated: 2022-05-17 04:32

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-3823"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-09-29T14:55:00Z",
    "severity": "MODERATE"
  },
  "details": "The Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r1, 7.4 before 7.4r5, and 7.1 before 7.1r18 allows remote attackers to conduct clickjacking attacks via unspecified vectors.",
  "id": "GHSA-x6pp-j24v-837c",
  "modified": "2022-05-17T04:32:24Z",
  "published": "2022-05-17T04:32:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3823"
    },
    {
      "type": "WEB",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10647"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

VAR-201409-0549

Vulnerability from variot - Updated: 2023-12-18 13:57

The Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r1, 7.4 before 7.4r5, and 7.1 before 7.1r18 allows remote attackers to conduct clickjacking attacks via unspecified vectors. Successful exploits will allow an attacker to compromise the affected application or obtain sensitive information. Other attacks are also possible. The client supports remote and mobile users to access enterprise resources with various web devices. A remote attacker can exploit this vulnerability to implement clickjacking attacks

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201409-0549",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "junos pulse secure access service",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "juniper",
        "version": "7.1r4"
      },
      {
        "model": "junos pulse secure access service",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "juniper",
        "version": "7.1r1.1"
      },
      {
        "model": "junos pulse secure access service",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "juniper",
        "version": "7.1r10"
      },
      {
        "model": "junos pulse secure access service",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "juniper",
        "version": "7.1r3"
      },
      {
        "model": "junos pulse secure access service",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "juniper",
        "version": "7.1r11"
      },
      {
        "model": "junos pulse secure access service",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "juniper",
        "version": "7.1r2"
      },
      {
        "model": "junos pulse secure access service",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "juniper",
        "version": "7.1r12"
      },
      {
        "model": "junos pulse secure access service",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "juniper",
        "version": "7.1r14"
      },
      {
        "model": "junos pulse secure access service",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "juniper",
        "version": "7.1r15"
      },
      {
        "model": "junos pulse secure access service",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "juniper",
        "version": "7.1r13"
      },
      {
        "model": "junos pulse secure access service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": "7.1r6"
      },
      {
        "model": "junos pulse secure access service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": "7.1r9"
      },
      {
        "model": "junos pulse secure access service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": "7.1r8"
      },
      {
        "model": "junos pulse secure access service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": "7.1r5"
      },
      {
        "model": "junos pulse secure access service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": "7.1"
      },
      {
        "model": "junos pulse secure access service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": "7.1r7"
      },
      {
        "model": "junos pulse secure access service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": "7.4"
      },
      {
        "model": "junos pulse secure access service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": "8.0"
      },
      {
        "model": "junos pulse secure access service",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "(ive os) 7.1r18"
      },
      {
        "model": "junos pulse secure access service",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "(ive os) 8.0r1"
      },
      {
        "model": "junos pulse secure access service",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "7.4"
      },
      {
        "model": "secure access 700",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "secure access 6000",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "fips secure access 4000",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "secure access 6500",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "fips secure access 6000",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "secure access 4000",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos pulse secure access service",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "8.0"
      },
      {
        "model": "junos pulse secure access service",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "7.1"
      },
      {
        "model": "mag4610 gateway",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "mag2600 gateway",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "mag6611 gateway",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "secure access 4500",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "mag6610 gateway",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "secure access 2000",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "fips secure access 6500",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "secure access 2500",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "fips secure access 4500",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos pulse secure access service",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "(ive os) 7.4r5"
      },
      {
        "model": "networks ive os 7.1r6",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "networks ive os 7.1r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "networks ive os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "7.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "69800"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004483"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3823"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-996"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:r3.0:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:r4.0:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:r2.0:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:r1.0:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-3823"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "69800"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2014-3823",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2014-3823",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-71763",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-3823",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201409-996",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-71763",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-71763"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004483"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3823"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-996"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r1, 7.4 before 7.4r5, and 7.1 before 7.1r18 allows remote attackers to conduct clickjacking attacks via unspecified vectors. \nSuccessful exploits will allow an attacker to compromise the affected  application or obtain sensitive information. Other attacks are also possible. The client supports remote and mobile users to access enterprise resources with various web devices. A remote attacker can exploit this vulnerability to implement clickjacking attacks",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-3823"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004483"
      },
      {
        "db": "BID",
        "id": "69800"
      },
      {
        "db": "VULHUB",
        "id": "VHN-71763"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-3823",
        "trust": 2.8
      },
      {
        "db": "JUNIPER",
        "id": "JSA10647",
        "trust": 1.7
      },
      {
        "db": "BID",
        "id": "69800",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004483",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-996",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-71763",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-71763"
      },
      {
        "db": "BID",
        "id": "69800"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004483"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3823"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-996"
      }
    ]
  },
  "id": "VAR-201409-0549",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-71763"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:57:42.786000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "JSA10647",
        "trust": 0.8,
        "url": "https://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10647"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004483"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-71763"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004483"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3823"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "https://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10647"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3823"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3823"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/69800"
      },
      {
        "trust": 0.3,
        "url": "http://www.juniper.net/"
      },
      {
        "trust": 0.1,
        "url": "https://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10647"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-71763"
      },
      {
        "db": "BID",
        "id": "69800"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004483"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3823"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-996"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-71763"
      },
      {
        "db": "BID",
        "id": "69800"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004483"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3823"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-996"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-09-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-71763"
      },
      {
        "date": "2014-09-15T00:00:00",
        "db": "BID",
        "id": "69800"
      },
      {
        "date": "2014-10-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-004483"
      },
      {
        "date": "2014-09-29T14:55:08.767000",
        "db": "NVD",
        "id": "CVE-2014-3823"
      },
      {
        "date": "2014-09-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201409-996"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-10-01T00:00:00",
        "db": "VULHUB",
        "id": "VHN-71763"
      },
      {
        "date": "2014-09-15T00:00:00",
        "db": "BID",
        "id": "69800"
      },
      {
        "date": "2014-10-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-004483"
      },
      {
        "date": "2014-10-01T03:30:36.487000",
        "db": "NVD",
        "id": "CVE-2014-3823"
      },
      {
        "date": "2014-10-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201409-996"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-996"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IVE OS of  Juniper Junos Pulse Secure Access Service Vulnerabilities that can cause clickjacking attacks on devices",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004483"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-996"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2014-3823

Vulnerability from fkie_nvd - Published: 2014-09-29 14:55 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

	URL	Tags
	cve@mitre.org	https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10647	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10647	Vendor Advisory

Impacted products

Vendor	Product	Version
juniper	junos_pulse_secure_access_service	7.1
juniper	junos_pulse_secure_access_service	7.1r1.1
juniper	junos_pulse_secure_access_service	7.1r2
juniper	junos_pulse_secure_access_service	7.1r3
juniper	junos_pulse_secure_access_service	7.1r4
juniper	junos_pulse_secure_access_service	7.1r5
juniper	junos_pulse_secure_access_service	7.1r6
juniper	junos_pulse_secure_access_service	7.1r7
juniper	junos_pulse_secure_access_service	7.1r8
juniper	junos_pulse_secure_access_service	7.1r9
juniper	junos_pulse_secure_access_service	7.1r10
juniper	junos_pulse_secure_access_service	7.1r11
juniper	junos_pulse_secure_access_service	7.1r12
juniper	junos_pulse_secure_access_service	7.1r13
juniper	junos_pulse_secure_access_service	7.1r14
juniper	junos_pulse_secure_access_service	7.1r15
juniper	junos_pulse_secure_access_service	7.4
juniper	junos_pulse_secure_access_service	7.4
juniper	junos_pulse_secure_access_service	7.4
juniper	junos_pulse_secure_access_service	7.4
juniper	junos_pulse_secure_access_service	8.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE0C8957-0870-4070-AAD3-720EE46311EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6386D17E-158E-4F5E-B0C7-7719D0020CBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3C2B970-9EF2-40CE-86B4-B3FF8F788BC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B3A469E-C3EA-4A34-BCAB-CA18DFB245C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r4:*:*:*:*:*:*:*",
              "matchCriteriaId": "601BEBCC-F133-40FB-A1B8-599889D05480",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DFCB2A6-FFF0-4108-B587-C27FB96FD75A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A381B35A-750E-4E70-99DA-25C4837C9DDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r7:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D2E937F-6235-4040-ADAF-884304C7D65C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3921140-1DDB-416E-9DC6-BB097C339A36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r9:*:*:*:*:*:*:*",
              "matchCriteriaId": "36F6EE11-D19C-43DD-AFB8-D8AE60B5692F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r10:*:*:*:*:*:*:*",
              "matchCriteriaId": "810ABC69-F219-4060-A50E-5A9D531BF26A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r11:*:*:*:*:*:*:*",
              "matchCriteriaId": "48CE0C3C-6E83-47DD-8FB0-45CA7C3B343B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r12:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EF9BD90-90D8-4617-8BB7-9AA7FFCC1160",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r13:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBA1D6B0-E878-4364-83C5-FB6FB7C6B93E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r14:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCD9F89E-5AFB-4B80-B615-6E4720FA8A57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r15:*:*:*:*:*:*:*",
              "matchCriteriaId": "134E62A7-0E1E-453B-AE43-EFF7BA700658",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:r1.0:*:*:*:*:*:*",
              "matchCriteriaId": "C503F416-17B4-45DA-9E36-9A8B14C2DEC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:r2.0:*:*:*:*:*:*",
              "matchCriteriaId": "ECDD185D-A088-43A4-B4DE-599D22F1642C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:r3.0:*:*:*:*:*:*",
              "matchCriteriaId": "49B32A49-885E-4C3D-8362-1E48B04F1FDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:r4.0:*:*:*:*:*:*",
              "matchCriteriaId": "5B149DA0-3128-499D-969A-3231B682D25C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B390A8A0-D317-4EDE-9B1F-2CC53DC72C06",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r1, 7.4 before 7.4r5, and 7.1 before 7.1r18 allows remote attackers to conduct clickjacking attacks via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Los dispositivos Juniper Junos Pulse Secure Access Service (SSL VPN) con IVE OS 8.0 anterior a 8.0r1, 7.4 anterior a 7.4r5, y 7.1 anterior a 7.1r18 permiten a atacantes remotos realizar ataques de clickjacking a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2014-3823",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-09-29T14:55:08.767",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10647"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10647"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2014-3823

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2014-3823

Aliases

CVE-2014-3823

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2014-3823",
    "description": "The Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r1, 7.4 before 7.4r5, and 7.1 before 7.1r18 allows remote attackers to conduct clickjacking attacks via unspecified vectors.",
    "id": "GSD-2014-3823"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2014-3823"
      ],
      "details": "The Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r1, 7.4 before 7.4r5, and 7.1 before 7.1r18 allows remote attackers to conduct clickjacking attacks via unspecified vectors.",
      "id": "GSD-2014-3823",
      "modified": "2023-12-13T01:22:53.262619Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2014-3823",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r1, 7.4 before 7.4r5, and 7.1 before 7.1r18 allows remote attackers to conduct clickjacking attacks via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10647",
            "refsource": "CONFIRM",
            "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10647"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:r3.0:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:r4.0:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:r2.0:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:r1.0:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-3823"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r1, 7.4 before 7.4r5, and 7.1 before 7.1r18 allows remote attackers to conduct clickjacking attacks via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10647",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10647"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2014-10-01T03:30Z",
      "publishedDate": "2014-09-29T14:55Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2014-3823 (GCVE-0-2014-3823)

CERTFR-2014-AVI-387

Solution

CERTFR-2014-AVI-387

Solution

GHSA-X6PP-J24V-837C

VAR-201409-0549

FKIE_CVE-2014-3823

GSD-2014-3823

Tags

Sightings

Nomenclature