Details of VAR-201403-0329

ID

VAR-201403-0329

CVE

CVE-2014-2292

TITLE

IVE OS of Juniper Junos Pulse Secure Access Service of Linux Network Connect Vulnerabilities that can be used to acquire privileges on clients

Trust: 0.8

sources: JVNDB: JVNDB-2014-001703

DESCRIPTION

Unspecified vulnerability in the Linux Network Connect client in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r18, 7.3 before 7.3r10, 7.4 before 7.4r8, and 8.0 before 8.0r1 allows local users to gain privileges via unspecified vectors. Juniper Junos is prone to local privilege-escalation vulnerability. Local attackers can exploit this issue to escalate their access to root privileges. The client supports remote and mobile users to access enterprise resources with various web devices

Trust: 2.52

sources: NVD: CVE-2014-2292 // JVNDB: JVNDB-2014-001703 // CNVD: CNVD-2014-01802 // BID: 66379 // VULHUB: VHN-70231

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-01802

AFFECTED PRODUCTS

vendor:	juniper	model:	ive os	scope:	eq	version:	8.0	Trust: 2.5
vendor:	juniper	model:	ive os	scope:	eq	version:	7.1	Trust: 2.5
vendor:	juniper	model:	ive os	scope:	eq	version:	7.3	Trust: 2.5
vendor:	juniper	model:	ive os	scope:	eq	version:	7.4	Trust: 2.5
vendor:	juniper	model:	ive os	scope:	eq	version:	7.3r10	Trust: 0.8
vendor:	juniper	model:	ive os	scope:	eq	version:	7.4r8	Trust: 0.8
vendor:	juniper	model:	ive os	scope:	lt	version:	7.3	Trust: 0.8
vendor:	juniper	model:	ive os	scope:	eq	version:	8.0r1	Trust: 0.8
vendor:	juniper	model:	ive os	scope:	lt	version:	7.4	Trust: 0.8
vendor:	juniper	model:	ive os	scope:	lt	version:	8.0	Trust: 0.8
vendor:	juniper	model:	sa700	scope:	eq	version:	0	Trust: 0.3
vendor:	juniper	model:	sa6500 fips	scope:	eq	version:	0	Trust: 0.3
vendor:	juniper	model:	sa6500	scope:	eq	version:	0	Trust: 0.3
vendor:	juniper	model:	sa6000 fips	scope:	eq	version:	0	Trust: 0.3
vendor:	juniper	model:	sa6000	scope:	eq	version:	0	Trust: 0.3
vendor:	juniper	model:	sa4500 fips	scope:	eq	version:	0	Trust: 0.3
vendor:	juniper	model:	sa4500	scope:	eq	version:	0	Trust: 0.3
vendor:	juniper	model:	sa4000 fips	scope:	eq	version:	0	Trust: 0.3
vendor:	juniper	model:	sa4000	scope:	eq	version:	0	Trust: 0.3
vendor:	juniper	model:	sa2500	scope:	eq	version:	0	Trust: 0.3
vendor:	juniper	model:	sa2000	scope:	eq	version:	0	Trust: 0.3
vendor:	juniper	model:	mag6611	scope:	eq	version:	0	Trust: 0.3
vendor:	juniper	model:	mag6610	scope:	eq	version:	0	Trust: 0.3
vendor:	juniper	model:	mag4610	scope:	eq	version:	0	Trust: 0.3
vendor:	juniper	model:	mag2600	scope:	eq	version:	0	Trust: 0.3
vendor:	juniper	model:	ive os 8.0r2	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	ive os 7.4r8	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	ive os 7.3r10	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	ive os 7.1r17	scope:	ne	version:	-	Trust: 0.3

sources: CNVD: CNVD-2014-01802 // BID: 66379 // JVNDB: JVNDB-2014-001703 // CNNVD: CNNVD-201403-289 // NVD: CVE-2014-2292

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-2292
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-2292
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2014-01802
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201403-289
value:	HIGH
Trust: 0.6
VULHUB:	VHN-70231
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-2292
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-01802
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-70231
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2014-01802 // VULHUB: VHN-70231 // JVNDB: JVNDB-2014-001703 // CNNVD: CNNVD-201403-289 // NVD: CVE-2014-2292

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2014-2292

THREAT TYPE

local

Trust: 0.9

sources: BID: 66379 // CNNVD: CNNVD-201403-289

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201403-289

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001703

PATCH

title:	JSA10616	url:	https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10616	Trust: 0.8
title:	Juniper Junos Pulse Secure Access Service has an unexplained patch	url:	https://www.cnvd.org.cn/patchInfo/show/44369	Trust: 0.6

sources: CNVD: CNVD-2014-01802 // JVNDB: JVNDB-2014-001703

EXTERNAL IDS

db:	NVD	id:	CVE-2014-2292	Trust: 3.4
db:	JUNIPER	id:	JSA10616	Trust: 2.6
db:	JVNDB	id:	JVNDB-2014-001703	Trust: 0.8
db:	CNNVD	id:	CNNVD-201403-289	Trust: 0.7
db:	CNVD	id:	CNVD-2014-01802	Trust: 0.6
db:	BID	id:	66379	Trust: 0.4
db:	VULHUB	id:	VHN-70231	Trust: 0.1

sources: CNVD: CNVD-2014-01802 // VULHUB: VHN-70231 // BID: 66379 // JVNDB: JVNDB-2014-001703 // CNNVD: CNNVD-201403-289 // NVD: CVE-2014-2292

REFERENCES

url:	https://kb.juniper.net/infocenter/index?page=content&id=jsa10616	Trust: 2.5
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2292	Trust: 1.4
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2292	Trust: 0.8
url:	http://www.juniper.net	Trust: 0.3
url:	https://kb.juniper.net/infocenter/index?page=content&id=jsa10616	Trust: 0.1

sources: CNVD: CNVD-2014-01802 // VULHUB: VHN-70231 // BID: 66379 // JVNDB: JVNDB-2014-001703 // CNNVD: CNNVD-201403-289 // NVD: CVE-2014-2292

CREDITS

Jörg Scheinert from Verizon GCIS

Trust: 0.3

sources: BID: 66379

SOURCES

db:	CNVD	id:	CNVD-2014-01802
db:	VULHUB	id:	VHN-70231
db:	BID	id:	66379
db:	JVNDB	id:	JVNDB-2014-001703
db:	CNNVD	id:	CNNVD-201403-289
db:	NVD	id:	CVE-2014-2292

LAST UPDATE DATE

2025-04-13T23:18:55.107000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-01802	date:	2014-03-20T00:00:00
db:	VULHUB	id:	VHN-70231	date:	2014-03-17T00:00:00
db:	BID	id:	66379	date:	2014-03-12T00:00:00
db:	JVNDB	id:	JVNDB-2014-001703	date:	2014-03-18T00:00:00
db:	CNNVD	id:	CNNVD-201403-289	date:	2014-03-18T00:00:00
db:	NVD	id:	CVE-2014-2292	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-01802	date:	2014-03-20T00:00:00
db:	VULHUB	id:	VHN-70231	date:	2014-03-14T00:00:00
db:	BID	id:	66379	date:	2014-03-12T00:00:00
db:	JVNDB	id:	JVNDB-2014-001703	date:	2014-03-18T00:00:00
db:	CNNVD	id:	CNNVD-201403-289	date:	2014-03-18T00:00:00
db:	NVD	id:	CVE-2014-2292	date:	2014-03-14T15:55:05.713