CVE-2013-3970
Juniper Junos Pulse Secure Access Service 7.0r2-7.0r8 & 7.1r1-7.1r5 - MITM via Trusted Test CA
Title source: llmDescription
Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS 7.0r2 through 7.0r8 and 7.1r1 through 7.1r5 and Junos Pulse Access Control Service (aka UAC) with UAC OS 4.1r1 through 4.1r5 include a test Certification Authority (CA) certificate in the Trusted Server CAs list, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging control over that test CA.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_confirm
http://kb.juniper.net/JSA10571
Scores
EPSS
0.0019
EPSS Percentile
40.0%
Details
CWE
CWE-310
Status
published
Products (20)
juniper/junos_pulse_access_control_service
4.1r1
juniper/junos_pulse_access_control_service
4.1r1.1
juniper/junos_pulse_access_control_service
4.1r2
juniper/junos_pulse_access_control_service
4.1r3
juniper/junos_pulse_access_control_service
4.1r4
juniper/junos_pulse_access_control_service
4.1r5
juniper/junos_pulse_secure_access_service
7.0r2
juniper/junos_pulse_secure_access_service
7.0r3
juniper/junos_pulse_secure_access_service
7.0r4
juniper/junos_pulse_secure_access_service
7.0r5
... and 10 more
Published
Jun 13, 2013
Tracked Since
Feb 18, 2026