Details of VAR-201409-0550

ID

VAR-201409-0550

CVE

CVE-2014-3824

TITLE

IVE OS of Juniper Junos Pulse Secure Access Service Device Web Server cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-004484

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r6, 7.4 before 7.4r13, and 7.1 before 7.1r20 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Junos Pulse Secure Access Service is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks

Trust: 1.98

sources: NVD: CVE-2014-3824 // JVNDB: JVNDB-2014-004484 // BID: 69804 // VULHUB: VHN-71764

AFFECTED PRODUCTS

vendor:	juniper	model:	junos pulse secure access service	scope:	eq	version:	7.1r15	Trust: 1.6
vendor:	juniper	model:	junos pulse secure access service	scope:	eq	version:	7.1r12	Trust: 1.6
vendor:	juniper	model:	junos pulse secure access service	scope:	eq	version:	7.1r13	Trust: 1.6
vendor:	juniper	model:	junos pulse secure access service	scope:	eq	version:	7.1r1	Trust: 1.6
vendor:	juniper	model:	junos pulse secure access service	scope:	eq	version:	7.1r11	Trust: 1.6
vendor:	juniper	model:	junos pulse secure access service	scope:	eq	version:	7.1r14	Trust: 1.6
vendor:	juniper	model:	junos pulse secure access service	scope:	eq	version:	8.0	Trust: 1.6
vendor:	juniper	model:	junos pulse secure access service	scope:	eq	version:	7.1r6	Trust: 1.6
vendor:	juniper	model:	junos pulse secure access service	scope:	eq	version:	7.1r1.1	Trust: 1.6
vendor:	juniper	model:	junos pulse secure access service	scope:	eq	version:	7.1r10	Trust: 1.6
vendor:	juniper	model:	junos pulse secure access service	scope:	eq	version:	7.1	Trust: 1.0
vendor:	juniper	model:	junos pulse secure access service	scope:	eq	version:	7.1r8	Trust: 1.0
vendor:	juniper	model:	junos pulse secure access service	scope:	eq	version:	7.1r7	Trust: 1.0
vendor:	juniper	model:	junos pulse secure access service	scope:	eq	version:	7.4	Trust: 1.0
vendor:	juniper	model:	junos pulse secure access service	scope:	eq	version:	7.1r4	Trust: 1.0
vendor:	juniper	model:	junos pulse secure access service	scope:	eq	version:	7.1r2	Trust: 1.0
vendor:	juniper	model:	junos pulse secure access service	scope:	eq	version:	7.1r3	Trust: 1.0
vendor:	juniper	model:	junos pulse secure access service	scope:	eq	version:	7.1r5	Trust: 1.0
vendor:	juniper	model:	junos pulse secure access service	scope:	eq	version:	7.1r9	Trust: 1.0
vendor:	juniper	model:	fips secure access 4000	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	mag4610 gateway	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	junos pulse secure access service	scope:	eq	version:	(ive os) 7.1r20	Trust: 0.8
vendor:	juniper	model:	fips secure access 6500	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	mag2600 gateway	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	mag6611 gateway	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	secure access 4500	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	secure access 6500	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	secure access 2500	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	fips secure access 6000	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	mag6610 gateway	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	junos pulse secure access service	scope:	lt	version:	7.4	Trust: 0.8
vendor:	juniper	model:	junos pulse secure access service	scope:	eq	version:	(ive os) 8.0r6	Trust: 0.8
vendor:	juniper	model:	secure access 700	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	junos pulse secure access service	scope:	eq	version:	(ive os) 7.4r13	Trust: 0.8
vendor:	juniper	model:	fips secure access 4500	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	junos pulse secure access service	scope:	lt	version:	8.0	Trust: 0.8
vendor:	juniper	model:	junos pulse secure access service	scope:	lt	version:	7.1	Trust: 0.8
vendor:	juniper	model:	networks ive os 7.1r6	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	networks ive os 7.1r1	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	networks ive os	scope:	eq	version:	7.1	Trust: 0.3

sources: BID: 69804 // JVNDB: JVNDB-2014-004484 // CNNVD: CNNVD-201409-997 // NVD: CVE-2014-3824

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-3824
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-3824
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201409-997
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-71764
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-3824
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-71764
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-71764 // JVNDB: JVNDB-2014-004484 // CNNVD: CNNVD-201409-997 // NVD: CVE-2014-3824

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-71764 // JVNDB: JVNDB-2014-004484 // NVD: CVE-2014-3824

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201409-997

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201409-997

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-004484

PATCH

title:

JSA10646

url:

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10646

Trust: 0.8

sources: JVNDB: JVNDB-2014-004484

EXTERNAL IDS

db:	NVD	id:	CVE-2014-3824	Trust: 2.8
db:	JUNIPER	id:	JSA10646	Trust: 2.0
db:	BID	id:	69804	Trust: 2.0
db:	JVNDB	id:	JVNDB-2014-004484	Trust: 0.8
db:	CNNVD	id:	CNNVD-201409-997	Trust: 0.7
db:	VULHUB	id:	VHN-71764	Trust: 0.1

sources: VULHUB: VHN-71764 // BID: 69804 // JVNDB: JVNDB-2014-004484 // CNNVD: CNNVD-201409-997 // NVD: CVE-2014-3824

REFERENCES

url:	http://www.securityfocus.com/bid/69804	Trust: 1.7
url:	https://kb.juniper.net/infocenter/index?page=content&id=jsa10646	Trust: 1.6
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3824	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3824	Trust: 0.8
url:	http://www.juniper.net	Trust: 0.3
url:	http://www.juniper.net/us/en/products-services/software/junos-platform/junos-pulse/secure-access/	Trust: 0.3
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10646&cat=sirt_1&actp=list	Trust: 0.3
url:	https://kb.juniper.net/infocenter/index?page=content&id=jsa10646	Trust: 0.1

sources: VULHUB: VHN-71764 // BID: 69804 // JVNDB: JVNDB-2014-004484 // CNNVD: CNNVD-201409-997 // NVD: CVE-2014-3824

CREDITS

anonymous from VeriSign iDefense Labs

Trust: 0.9

sources: BID: 69804 // CNNVD: CNNVD-201409-997

SOURCES

db:	VULHUB	id:	VHN-71764
db:	BID	id:	69804
db:	JVNDB	id:	JVNDB-2014-004484
db:	CNNVD	id:	CNNVD-201409-997
db:	NVD	id:	CVE-2014-3824

LAST UPDATE DATE

2025-04-13T23:36:34.670000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-71764	date:	2016-04-01T00:00:00
db:	BID	id:	69804	date:	2014-09-15T00:00:00
db:	JVNDB	id:	JVNDB-2014-004484	date:	2014-10-02T00:00:00
db:	CNNVD	id:	CNNVD-201409-997	date:	2014-10-08T00:00:00
db:	NVD	id:	CVE-2014-3824	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-71764	date:	2014-09-29T00:00:00
db:	BID	id:	69804	date:	2014-09-15T00:00:00
db:	JVNDB	id:	JVNDB-2014-004484	date:	2014-10-02T00:00:00
db:	CNNVD	id:	CNNVD-201409-997	date:	2014-09-28T00:00:00
db:	NVD	id:	CVE-2014-3824	date:	2014-09-29T14:55:08.797