CVE Vulnerabilities

CVE-2015-5369

Published: Aug 11, 2015 | Modified: Aug 11, 2015
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

Pulse Connect Secure (aka PCS and formerly Juniper PCS) PSC6000, PCS6500, and MAG PSC360 8.1 before 8.1r5, 8.0 before 8.0r13, 7.4 before 7.4r13.5, and 7.1 before 7.1r22.2 and PPS 5.1 before 5.1R5 and 5.0 before 5.0R13, when Hardware Acceleration is enabled, does not properly validate the Finished TLS handshake message, which makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted Finished message.

Affected Software

Name Vendor Start Version End Version
Pulse_connect_secure Juniper 5.1 (including) 5.1 (including)
Pulse_connect_secure Juniper 7.1 (including) 7.1 (including)
Pulse_connect_secure Juniper 7.4 (including) 7.4 (including)
Pulse_connect_secure Juniper 8.0 (including) 8.0 (including)
Pulse_connect_secure Juniper 8.1 (including) 8.1 (including)

References