VAR-201508-0201
Vulnerability from variot - Updated: 2025-04-13 23:37Pulse Connect Secure (aka PCS and formerly Juniper PCS) PSC6000, PCS6500, and MAG PSC360 8.1 before 8.1r5, 8.0 before 8.0r13, 7.4 before 7.4r13.5, and 7.1 before 7.1r22.2 and PPS 5.1 before 5.1R5 and 5.0 before 5.0R13, when Hardware Acceleration is enabled, does not properly validate the Finished TLS handshake message, which makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted Finished message. Supplementary information : CWE Vulnerability type by CWE-17: Code ( code ) Has been identified. http://cwe.mitre.org/data/definitions/17.htmlSkillfully crafted by a third party Finished Man-in-the-middle attacks via messages (man-in-the-middle attack) May be executed. Pulse Connect Secure (also known as PCS, formerly known as Juniper PCS) PSC6000, PCS6500, MAG PSC360 and PPS are all products of American Pulse Secure company. PCS is a set of SSL VPN solutions. PPS is a set of NAC and BYOD solutions. There are security vulnerabilities in several Pulse Secure PCS products. The following products and versions are affected: Pulse Secure PCS PSC6000, PCS6500, MAG PSC360 Version 8.1, Version 8.0, Version 7.4, Version 7.1, PPS Version 5.1
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0201",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pulse connect secure",
"scope": "eq",
"trust": 1.6,
"vendor": "juniper",
"version": "5.1"
},
{
"model": "pulse connect secure",
"scope": "eq",
"trust": 1.6,
"vendor": "juniper",
"version": "8.0"
},
{
"model": "pulse connect secure",
"scope": "eq",
"trust": 1.6,
"vendor": "juniper",
"version": "7.4"
},
{
"model": "pulse connect secure",
"scope": "eq",
"trust": 1.6,
"vendor": "juniper",
"version": "7.1"
},
{
"model": "pulse connect secure",
"scope": "eq",
"trust": 1.6,
"vendor": "juniper",
"version": "8.1"
},
{
"model": "pcs6500",
"scope": null,
"trust": 0.8,
"vendor": "juniper",
"version": null
},
{
"model": "pulse policy secure",
"scope": "lt",
"trust": 0.8,
"vendor": "juniper",
"version": "5.1 (mag psc360)"
},
{
"model": "pulse connect secure",
"scope": "eq",
"trust": 0.8,
"vendor": "juniper",
"version": "7.4r13.5"
},
{
"model": "pulse policy secure",
"scope": "eq",
"trust": 0.8,
"vendor": "juniper",
"version": "5.0r13"
},
{
"model": "pulse connect secure",
"scope": "lt",
"trust": 0.8,
"vendor": "juniper",
"version": "7.4"
},
{
"model": "pulse connect secure",
"scope": "eq",
"trust": 0.8,
"vendor": "juniper",
"version": "8.0r13"
},
{
"model": "mag psc360",
"scope": null,
"trust": 0.8,
"vendor": "juniper",
"version": null
},
{
"model": "pulse policy secure",
"scope": "eq",
"trust": 0.8,
"vendor": "juniper",
"version": "5.1r5"
},
{
"model": "pulse connect secure",
"scope": "eq",
"trust": 0.8,
"vendor": "juniper",
"version": "7.1r22.2"
},
{
"model": "psc6000",
"scope": null,
"trust": 0.8,
"vendor": "juniper",
"version": null
},
{
"model": "pulse connect secure",
"scope": "lt",
"trust": 0.8,
"vendor": "juniper",
"version": "8.1"
},
{
"model": "pulse connect secure",
"scope": "eq",
"trust": 0.8,
"vendor": "juniper",
"version": "8.1r5"
},
{
"model": "pulse connect secure",
"scope": "lt",
"trust": 0.8,
"vendor": "juniper",
"version": "8.0"
},
{
"model": "pulse connect secure",
"scope": "lt",
"trust": 0.8,
"vendor": "juniper",
"version": "7.1"
},
{
"model": "pulse policy secure",
"scope": "lt",
"trust": 0.8,
"vendor": "juniper",
"version": "5.0 (mag psc360)"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004041"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-052"
},
{
"db": "NVD",
"id": "CVE-2015-5369"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:juniper:mag_pcs360",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:juniper:pcs6500",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:juniper:pcs6000",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:juniper:pulse_connect_secure",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:juniper:pulse_policy_secure",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004041"
}
]
},
"cve": "CVE-2015-5369",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2015-5369",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-83330",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-5369",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-5369",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201508-052",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-83330",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-83330"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004041"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-052"
},
{
"db": "NVD",
"id": "CVE-2015-5369"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Pulse Connect Secure (aka PCS and formerly Juniper PCS) PSC6000, PCS6500, and MAG PSC360 8.1 before 8.1r5, 8.0 before 8.0r13, 7.4 before 7.4r13.5, and 7.1 before 7.1r22.2 and PPS 5.1 before 5.1R5 and 5.0 before 5.0R13, when Hardware Acceleration is enabled, does not properly validate the Finished TLS handshake message, which makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted Finished message. Supplementary information : CWE Vulnerability type by CWE-17: Code ( code ) Has been identified. http://cwe.mitre.org/data/definitions/17.htmlSkillfully crafted by a third party Finished Man-in-the-middle attacks via messages (man-in-the-middle attack) May be executed. Pulse Connect Secure (also known as PCS, formerly known as Juniper PCS) PSC6000, PCS6500, MAG PSC360 and PPS are all products of American Pulse Secure company. PCS is a set of SSL VPN solutions. PPS is a set of NAC and BYOD solutions. There are security vulnerabilities in several Pulse Secure PCS products. The following products and versions are affected: Pulse Secure PCS PSC6000, PCS6500, MAG PSC360 Version 8.1, Version 8.0, Version 7.4, Version 7.1, PPS Version 5.1",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-5369"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004041"
},
{
"db": "VULHUB",
"id": "VHN-83330"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "SECTRACK",
"id": "1033166",
"trust": 2.5
},
{
"db": "NVD",
"id": "CVE-2015-5369",
"trust": 2.5
},
{
"db": "PULSESECURE",
"id": "SA40004",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004041",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201508-052",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-83330",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-83330"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004041"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-052"
},
{
"db": "NVD",
"id": "CVE-2015-5369"
}
]
},
"id": "VAR-201508-0201",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-83330"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:37:31.593000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SA40004",
"trust": 0.8,
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40004"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004041"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
},
{
"problemtype": "CWE-17",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-83330"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004041"
},
{
"db": "NVD",
"id": "CVE-2015-5369"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.securitytracker.com/id/1033166"
},
{
"trust": 1.7,
"url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40004"
},
{
"trust": 1.7,
"url": "https://vivaldi.net/en-us/blogs/entry/the-poodle-has-friends"
},
{
"trust": 1.6,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=tsb16756"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5369"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5369"
},
{
"trust": 0.1,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026amp;id=tsb16756"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-83330"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004041"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-052"
},
{
"db": "NVD",
"id": "CVE-2015-5369"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-83330"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004041"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-052"
},
{
"db": "NVD",
"id": "CVE-2015-5369"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-11T00:00:00",
"db": "VULHUB",
"id": "VHN-83330"
},
{
"date": "2015-08-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004041"
},
{
"date": "2015-08-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-052"
},
{
"date": "2015-08-11T14:59:12.710000",
"db": "NVD",
"id": "CVE-2015-5369"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-11T00:00:00",
"db": "VULHUB",
"id": "VHN-83330"
},
{
"date": "2015-08-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004041"
},
{
"date": "2015-08-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-052"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-5369"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-052"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Pulse Connect Secure Vulnerabilities in products that allow man-in-the-middle attacks",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004041"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-052"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…