CVE-2013-3970
First published: Thu Jun 13 2013(Updated: )
Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS 7.0r2 through 7.0r8 and 7.1r1 through 7.1r5 and Junos Pulse Access Control Service (aka UAC) with UAC OS 4.1r1 through 4.1r5 include a test Certification Authority (CA) certificate in the Trusted Server CAs list, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging control over that test CA.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Juniper Junos Pulse Access Control Service | =7.0r2 | |
| Juniper Junos Pulse Access Control Service | =7.0r3 | |
| Juniper Junos Pulse Access Control Service | =7.0r4 | |
| Juniper Junos Pulse Access Control Service | =7.0r5 | |
| Juniper Junos Pulse Access Control Service | =7.0r5.1 | |
| Juniper Junos Pulse Access Control Service | =7.0r6 | |
| Juniper Junos Pulse Access Control Service | =7.0r7 | |
| Juniper Junos Pulse Access Control Service | =7.0r8 | |
| Juniper Junos Pulse Access Control Service | =7.1r1 | |
| Juniper Junos Pulse Access Control Service | =7.1r1.1 | |
| Juniper Junos Pulse Access Control Service | =7.1r2 | |
| Juniper Junos Pulse Access Control Service | =7.1r3 | |
| Juniper Junos Pulse Access Control Service | =7.1r4 | |
| Juniper Junos Pulse Access Control Service | =7.1r5 | |
| Juniper Junos Pulse Access Control Service | =4.1r1 | |
| Juniper Junos Pulse Access Control Service | =4.1r1.1 | |
| Juniper Junos Pulse Access Control Service | =4.1r2 | |
| Juniper Junos Pulse Access Control Service | =4.1r3 | |
| Juniper Junos Pulse Access Control Service | =4.1r4 | |
| Juniper Junos Pulse Access Control Service | =4.1r5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2013-3970?
CVE-2013-3970 is rated as a medium severity vulnerability due to its potential to allow unauthorized access to sensitive information.
How do I fix CVE-2013-3970?
To fix CVE-2013-3970, upgrade to the latest versions of Junos Pulse Secure Access Service or Junos Pulse Access Control Service that do not include the vulnerable CA certificate.
Which software versions are affected by CVE-2013-3970?
CVE-2013-3970 affects Juniper Junos Pulse Secure Access Service versions 7.0r2 through 7.0r8 and 7.1r1 through 7.1r5, as well as Junos Pulse Access Control Service versions 4.1r1 through 4.1r5.
What vulnerability type is CVE-2013-3970 classified as?
CVE-2013-3970 is classified as a certificate validation vulnerability that could lead to man-in-the-middle (MITM) attacks.
What impact does CVE-2013-3970 have on users?
The impact of CVE-2013-3970 on users is that it may compromise the confidentiality and integrity of their secure sessions.
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/weakness
- agent/last-modified-date
- agent/remedy
- agent/author
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/juniper
- canonical/juniper junos pulse access control service
- version/juniper junos pulse access control service/7.0r2
- version/juniper junos pulse access control service/7.0r3
- version/juniper junos pulse access control service/7.0r4
- version/juniper junos pulse access control service/7.0r5
- version/juniper junos pulse access control service/7.0r5.1
- version/juniper junos pulse access control service/7.0r6
- version/juniper junos pulse access control service/7.0r7
- version/juniper junos pulse access control service/7.0r8
- version/juniper junos pulse access control service/7.1r1
- version/juniper junos pulse access control service/7.1r1.1
- version/juniper junos pulse access control service/7.1r2
- version/juniper junos pulse access control service/7.1r3
- version/juniper junos pulse access control service/7.1r4
- version/juniper junos pulse access control service/7.1r5
- version/juniper junos pulse access control service/4.1r1
- version/juniper junos pulse access control service/4.1r1.1
- version/juniper junos pulse access control service/4.1r2
- version/juniper junos pulse access control service/4.1r3
- version/juniper junos pulse access control service/4.1r4
- version/juniper junos pulse access control service/4.1r5