Sign-up

ID

VAR-201508-0201


CVE

CVE-2015-5369


TITLE

plural Pulse Connect Secure Vulnerabilities in products that allow man-in-the-middle attacks

Trust: 0.8

sources: JVNDB: JVNDB-2015-004041

DESCRIPTION

Pulse Connect Secure (aka PCS and formerly Juniper PCS) PSC6000, PCS6500, and MAG PSC360 8.1 before 8.1r5, 8.0 before 8.0r13, 7.4 before 7.4r13.5, and 7.1 before 7.1r22.2 and PPS 5.1 before 5.1R5 and 5.0 before 5.0R13, when Hardware Acceleration is enabled, does not properly validate the Finished TLS handshake message, which makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted Finished message. Supplementary information : CWE Vulnerability type by CWE-17: Code ( code ) Has been identified. http://cwe.mitre.org/data/definitions/17.htmlSkillfully crafted by a third party Finished Man-in-the-middle attacks via messages (man-in-the-middle attack) May be executed. Pulse Connect Secure (also known as PCS, formerly known as Juniper PCS) PSC6000, PCS6500, MAG PSC360 and PPS are all products of American Pulse Secure company. PCS is a set of SSL VPN solutions. PPS is a set of NAC and BYOD solutions. There are security vulnerabilities in several Pulse Secure PCS products. The following products and versions are affected: Pulse Secure PCS PSC6000, PCS6500, MAG PSC360 Version 8.1, Version 8.0, Version 7.4, Version 7.1, PPS Version 5.1

Trust: 1.71

sources: NVD: CVE-2015-5369 // JVNDB: JVNDB-2015-004041 // VULHUB: VHN-83330

AFFECTED PRODUCTS

vendor:junipermodel:pulse connect securescope:eqversion:5.1

Trust: 1.6

vendor:junipermodel:pulse connect securescope:eqversion:8.0

Trust: 1.6

vendor:junipermodel:pulse connect securescope:eqversion:7.4

Trust: 1.6

vendor:junipermodel:pulse connect securescope:eqversion:7.1

Trust: 1.6

vendor:junipermodel:pulse connect securescope:eqversion:8.1

Trust: 1.6

vendor:junipermodel:pcs6500scope: - version: -

Trust: 0.8

vendor:junipermodel:pulse policy securescope:ltversion:5.1 (mag psc360)

Trust: 0.8

vendor:junipermodel:pulse connect securescope:eqversion:7.4r13.5

Trust: 0.8

vendor:junipermodel:pulse policy securescope:eqversion:5.0r13

Trust: 0.8

vendor:junipermodel:pulse connect securescope:ltversion:7.4

Trust: 0.8

vendor:junipermodel:pulse connect securescope:eqversion:8.0r13

Trust: 0.8

vendor:junipermodel:mag psc360scope: - version: -

Trust: 0.8

vendor:junipermodel:pulse policy securescope:eqversion:5.1r5

Trust: 0.8

vendor:junipermodel:pulse connect securescope:eqversion:7.1r22.2

Trust: 0.8

vendor:junipermodel:psc6000scope: - version: -

Trust: 0.8

vendor:junipermodel:pulse connect securescope:ltversion:8.1

Trust: 0.8

vendor:junipermodel:pulse connect securescope:eqversion:8.1r5

Trust: 0.8

vendor:junipermodel:pulse connect securescope:ltversion:8.0

Trust: 0.8

vendor:junipermodel:pulse connect securescope:ltversion:7.1

Trust: 0.8

vendor:junipermodel:pulse policy securescope:ltversion:5.0 (mag psc360)

Trust: 0.8

sources: JVNDB: JVNDB-2015-004041 // CNNVD: CNNVD-201508-052 // NVD: CVE-2015-5369

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-5369
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-5369
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201508-052
value: MEDIUM

Trust: 0.6

VULHUB: VHN-83330
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-5369
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-83330
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-83330 // JVNDB: JVNDB-2015-004041 // CNNVD: CNNVD-201508-052 // NVD: CVE-2015-5369

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

problemtype:CWE-17

Trust: 1.1

problemtype:CWE-Other

Trust: 0.8

sources: VULHUB: VHN-83330 // JVNDB: JVNDB-2015-004041 // NVD: CVE-2015-5369

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201508-052

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201508-052

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-004041

PATCH
title:SA40004url:https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40004
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-004041

EXTERNAL IDS
db:SECTRACKid:1033166
Trust: 2.5
db:NVDid:CVE-2015-5369
Trust: 2.5
db:PULSESECUREid:SA40004
Trust: 1.7
db:JVNDBid:JVNDB-2015-004041
Trust: 0.8
db:CNNVDid:CNNVD-201508-052
Trust: 0.7
db:VULHUBid:VHN-83330
Trust: 0.1
sources:
            
            
            VULHUB: VHN-83330 // 
            
            
            
            JVNDB: JVNDB-2015-004041 // 
            
            
            
            CNNVD: CNNVD-201508-052 // 
            
            
            
            NVD: CVE-2015-5369

REFERENCES
url:http://www.securitytracker.com/id/1033166
Trust: 2.5
url:https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40004
Trust: 1.7
url:https://vivaldi.net/en-us/blogs/entry/the-poodle-has-friends
Trust: 1.7
url:http://kb.juniper.net/infocenter/index?page=content&id=tsb16756
Trust: 1.6
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5369
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5369
Trust: 0.8
url:http://kb.juniper.net/infocenter/index?page=content&id=tsb16756
Trust: 0.1
sources:
            
            
            VULHUB: VHN-83330 // 
            
            
            
            JVNDB: JVNDB-2015-004041 // 
            
            
            
            CNNVD: CNNVD-201508-052 // 
            
            
            
            NVD: CVE-2015-5369

SOURCES
db:VULHUBid:VHN-83330
db:JVNDBid:JVNDB-2015-004041
db:CNNVDid:CNNVD-201508-052
db:NVDid:CVE-2015-5369

LAST UPDATE DATE
2025-04-13T23:37:31.593000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-83330date:2015-08-11T00:00:00
db:JVNDBid:JVNDB-2015-004041date:2015-08-12T00:00:00
db:CNNVDid:CNNVD-201508-052date:2015-08-12T00:00:00
db:NVDid:CVE-2015-5369date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-83330date:2015-08-11T00:00:00
db:JVNDBid:JVNDB-2015-004041date:2015-08-12T00:00:00
db:CNNVDid:CNNVD-201508-052date:2015-08-12T00:00:00
db:NVDid:CVE-2015-5369date:2015-08-11T14:59:12.710