Vulnerability Description
Pulse Connect Secure (aka PCS and formerly Juniper PCS) PSC6000, PCS6500, and MAG PSC360 8.1 before 8.1r5, 8.0 before 8.0r13, 7.4 before 7.4r13.5, and 7.1 before 7.1r22.2 and PPS 5.1 before 5.1R5 and 5.0 before 5.0R13, when Hardware Acceleration is enabled, does not properly validate the Finished TLS handshake message, which makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted Finished message.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Juniper | Pulse Connect Secure | 5.1 |
| Juniper | Mag Pcs360 | - |
| Juniper | Pcs6000 | - |
| Juniper | Pcs6500 | - |
Related Weaknesses (CWE)
References
- http://kb.juniper.net/InfoCenter/index?page=content&id=TSB16756
- http://www.securitytracker.com/id/1033166
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40004
- https://vivaldi.net/en-US/blogs/entry/the-poodle-has-friends
- http://kb.juniper.net/InfoCenter/index?page=content&id=TSB16756
- http://www.securitytracker.com/id/1033166
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40004
- https://vivaldi.net/en-US/blogs/entry/the-poodle-has-friends
FAQ
What is CVE-2015-5369?
CVE-2015-5369 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Pulse Connect Secure (aka PCS and formerly Juniper PCS) PSC6000, PCS6500, and MAG PSC360 8.1 before 8.1r5, 8.0 before 8.0r13, 7.4 before 7.4r13.5, and 7.1 before 7.1r22.2 and PPS 5.1 before 5.1R5 and ...
How severe is CVE-2015-5369?
CVE-2015-5369 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-5369?
Check the references section above for vendor advisories and patch information. Affected products include: Juniper Pulse Connect Secure, Juniper Mag Pcs360, Juniper Pcs6000, Juniper Pcs6500.