CVE-2015-5369
Last modified
CVE-2015-5369 is a vulnerability of currently unknown severity. Pulse Connect Secure (aka PCS and formerly Juniper PCS) PSC6000, PCS6500, and MAG PSC360 8.1 before 8.1r5, 8.0 before 8.0r13, 7.4 before 7.4r13.5, and 7.1 before 7.1r22.2 and PPS 5.1 before 5.1R5 and 5.0 before 5.0R13, when Hardware Acceleration is enabled, does not properly validate the Finished TLS handshake message, which makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted Finished message.. EPSS estimates a 1.75% chance of exploitation in the next 30 days.
Description
Pulse Connect Secure (aka PCS and formerly Juniper PCS) PSC6000, PCS6500, and MAG PSC360 8.1 before 8.1r5, 8.0 before 8.0r13, 7.4 before 7.4r13.5, and 7.1 before 7.1r22.2 and PPS 5.1 before 5.1R5 and 5.0 before 5.0R13, when Hardware Acceleration is enabled, does not properly validate the Finished TLS handshake message, which makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted Finished message.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Juniper | Pulse Connect Secure | 5.1 |
| Juniper | Pulse Connect Secure | 7.1 |
| Juniper | Pulse Connect Secure | 7.4 |
| Juniper | Pulse Connect Secure | 8.0 |
| Juniper | Pulse Connect Secure | 8.1 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2015-5369?
How severe is CVE-2015-5369?
How do I fix CVE-2015-5369?
Are you affected by CVE-2015-5369?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST