Details of VAR-201409-0549

ID

VAR-201409-0549

CVE

CVE-2014-3823

TITLE

IVE OS of Juniper Junos Pulse Secure Access Service Vulnerabilities that can cause clickjacking attacks on devices

Trust: 0.8

sources: JVNDB: JVNDB-2014-004483

DESCRIPTION

The Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r1, 7.4 before 7.4r5, and 7.1 before 7.1r18 allows remote attackers to conduct clickjacking attacks via unspecified vectors. Successful exploits will allow an attacker to compromise the affected application or obtain sensitive information. Other attacks are also possible. The client supports remote and mobile users to access enterprise resources with various web devices. A remote attacker can exploit this vulnerability to implement clickjacking attacks

Trust: 1.98

sources: NVD: CVE-2014-3823 // JVNDB: JVNDB-2014-004483 // BID: 69800 // VULHUB: VHN-71763

AFFECTED PRODUCTS

vendor:	juniper	model:	junos pulse secure access service	scope:	eq	version:	7.1r3	Trust: 1.6
vendor:	juniper	model:	junos pulse secure access service	scope:	eq	version:	7.1r15	Trust: 1.6
vendor:	juniper	model:	junos pulse secure access service	scope:	eq	version:	7.1r12	Trust: 1.6
vendor:	juniper	model:	junos pulse secure access service	scope:	eq	version:	7.1r13	Trust: 1.6
vendor:	juniper	model:	junos pulse secure access service	scope:	eq	version:	7.1r14	Trust: 1.6
vendor:	juniper	model:	junos pulse secure access service	scope:	eq	version:	7.1r11	Trust: 1.6
vendor:	juniper	model:	junos pulse secure access service	scope:	eq	version:	7.1r2	Trust: 1.6
vendor:	juniper	model:	junos pulse secure access service	scope:	eq	version:	7.1r4	Trust: 1.6
vendor:	juniper	model:	junos pulse secure access service	scope:	eq	version:	7.1r1.1	Trust: 1.6
vendor:	juniper	model:	junos pulse secure access service	scope:	eq	version:	7.1r10	Trust: 1.6
vendor:	juniper	model:	junos pulse secure access service	scope:	eq	version:	7.1r7	Trust: 1.0
vendor:	juniper	model:	junos pulse secure access service	scope:	eq	version:	7.4	Trust: 1.0
vendor:	juniper	model:	junos pulse secure access service	scope:	eq	version:	8.0	Trust: 1.0
vendor:	juniper	model:	junos pulse secure access service	scope:	eq	version:	7.1	Trust: 1.0
vendor:	juniper	model:	junos pulse secure access service	scope:	eq	version:	7.1r6	Trust: 1.0
vendor:	juniper	model:	junos pulse secure access service	scope:	eq	version:	7.1r8	Trust: 1.0
vendor:	juniper	model:	junos pulse secure access service	scope:	eq	version:	7.1r5	Trust: 1.0
vendor:	juniper	model:	junos pulse secure access service	scope:	eq	version:	7.1r9	Trust: 1.0
vendor:	juniper	model:	junos pulse secure access service	scope:	eq	version:	(ive os) 7.1r18	Trust: 0.8
vendor:	juniper	model:	junos pulse secure access service	scope:	eq	version:	(ive os) 8.0r1	Trust: 0.8
vendor:	juniper	model:	junos pulse secure access service	scope:	lt	version:	7.4	Trust: 0.8
vendor:	juniper	model:	secure access 700	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	secure access 6000	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	fips secure access 4000	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	secure access 6500	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	fips secure access 6000	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	secure access 4000	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	junos pulse secure access service	scope:	lt	version:	8.0	Trust: 0.8
vendor:	juniper	model:	junos pulse secure access service	scope:	lt	version:	7.1	Trust: 0.8
vendor:	juniper	model:	mag4610 gateway	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	mag2600 gateway	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	mag6611 gateway	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	secure access 4500	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	mag6610 gateway	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	secure access 2000	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	fips secure access 6500	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	secure access 2500	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	fips secure access 4500	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	junos pulse secure access service	scope:	eq	version:	(ive os) 7.4r5	Trust: 0.8
vendor:	juniper	model:	networks ive os 7.1r6	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	networks ive os 7.1r1	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	networks ive os	scope:	eq	version:	7.1	Trust: 0.3

sources: BID: 69800 // JVNDB: JVNDB-2014-004483 // CNNVD: CNNVD-201409-996 // NVD: CVE-2014-3823

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-3823
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-3823
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201409-996
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-71763
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-3823
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-71763
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-71763 // JVNDB: JVNDB-2014-004483 // CNNVD: CNNVD-201409-996 // NVD: CVE-2014-3823

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-71763 // JVNDB: JVNDB-2014-004483 // NVD: CVE-2014-3823

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201409-996

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201409-996

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-004483

PATCH

title:

JSA10647

url:

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10647

Trust: 0.8

sources: JVNDB: JVNDB-2014-004483

EXTERNAL IDS

db:	NVD	id:	CVE-2014-3823	Trust: 2.8
db:	JUNIPER	id:	JSA10647	Trust: 1.7
db:	BID	id:	69800	Trust: 1.0
db:	JVNDB	id:	JVNDB-2014-004483	Trust: 0.8
db:	CNNVD	id:	CNNVD-201409-996	Trust: 0.7
db:	VULHUB	id:	VHN-71763	Trust: 0.1

sources: VULHUB: VHN-71763 // BID: 69800 // JVNDB: JVNDB-2014-004483 // CNNVD: CNNVD-201409-996 // NVD: CVE-2014-3823

REFERENCES

url:	https://kb.juniper.net/infocenter/index?page=content&id=jsa10647	Trust: 1.6
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3823	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3823	Trust: 0.8
url:	http://www.securityfocus.com/bid/69800	Trust: 0.6
url:	http://www.juniper.net/	Trust: 0.3
url:	https://kb.juniper.net/infocenter/index?page=content&id=jsa10647	Trust: 0.1

sources: VULHUB: VHN-71763 // BID: 69800 // JVNDB: JVNDB-2014-004483 // CNNVD: CNNVD-201409-996 // NVD: CVE-2014-3823

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 69800

SOURCES

db:	VULHUB	id:	VHN-71763
db:	BID	id:	69800
db:	JVNDB	id:	JVNDB-2014-004483
db:	CNNVD	id:	CNNVD-201409-996
db:	NVD	id:	CVE-2014-3823

LAST UPDATE DATE

2025-04-13T23:29:41.657000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-71763	date:	2014-10-01T00:00:00
db:	BID	id:	69800	date:	2014-09-15T00:00:00
db:	JVNDB	id:	JVNDB-2014-004483	date:	2014-10-02T00:00:00
db:	CNNVD	id:	CNNVD-201409-996	date:	2014-10-08T00:00:00
db:	NVD	id:	CVE-2014-3823	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-71763	date:	2014-09-29T00:00:00
db:	BID	id:	69800	date:	2014-09-15T00:00:00
db:	JVNDB	id:	JVNDB-2014-004483	date:	2014-10-02T00:00:00
db:	CNNVD	id:	CNNVD-201409-996	date:	2014-09-28T00:00:00
db:	NVD	id:	CVE-2014-3823	date:	2014-09-29T14:55:08.767