CVE-2013-5650: Input Validation
First published: Mon Sep 16 2013(Updated: )
Junos Pulse Secure Access Service (IVE) 7.1 before 7.1r5, 7.2 before 7.2r10, 7.3 before 7.3r6, and 7.4 before 7.4r3 and Junos Pulse Access Control Service (UAC) 4.1 before 4.1r8.1, 4.2 before 4.2r5, 4.3 before 4.3r6 and 4.4 before 4.4r3, when a hardware SSL acceleration card is enabled, allows remote attackers to cause a denial of service (device hang) via a crafted packet.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Juniper Junos Pulse Access Control Service | =7.1 | |
| Juniper Junos Pulse Access Control Service | =7.2 | |
| Juniper Junos Pulse Access Control Service | =7.3 | |
| Juniper Junos Pulse Access Control Service | =7.4 | |
| Juniper Junos Pulse Access Control Service | =4.1 | |
| Juniper Junos Pulse Access Control Service | =4.2 | |
| Juniper Junos Pulse Access Control Service | =4.3 | |
| Juniper Junos Pulse Access Control Service | =4.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2013-5650?
CVE-2013-5650 has been classified as a high-severity vulnerability due to its potential impact on confidentiality and data integrity.
How do I fix CVE-2013-5650?
To fix CVE-2013-5650, update to the latest versions of Junos Pulse Secure Access Service or Junos Pulse Access Control Service as specified in the security advisories.
Which Juniper products are affected by CVE-2013-5650?
CVE-2013-5650 affects specific versions of Junos Pulse Secure Access Service and Junos Pulse Access Control Service.
Can CVE-2013-5650 be exploited remotely?
Yes, CVE-2013-5650 can be exploited remotely if certain conditions are met, particularly when an SSL acceleration card is enabled.
What kind of attack does CVE-2013-5650 enable?
CVE-2013-5650 allows an attacker to bypass authentication mechanisms, leading to unauthorized access.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/juniper
- canonical/juniper junos pulse access control service
- version/juniper junos pulse access control service/7.1
- version/juniper junos pulse access control service/7.2
- version/juniper junos pulse access control service/7.3
- version/juniper junos pulse access control service/7.4
- version/juniper junos pulse access control service/4.1
- version/juniper junos pulse access control service/4.2
- version/juniper junos pulse access control service/4.3
- version/juniper junos pulse access control service/4.4