Detections
Analytics
Juniper Junos Pulse Secure Access Service IVE OS (SSL VPN) Linux Network Connect Client Local Privilege Escalation (JSA10616)
high Nessus Plugin ID 73057
Language:
Synopsis
The remote device is missing a vendor-supplied security patch.Description
According to its self-reported version, the version of Juniper Junos Pulse Secure Access Service IVE OS running on the remote host serves out a Network Connect Client, a Java-based VPN client, that is affected by a local privilege escalation vulnerability when run on Linux end-user systems.Solution
Upgrade to Juniper Junos Pulse Secure Access Service IVE OS version 7.1r17 / 7.3r10 / 7.4r8 / 8.0r2 or later.See Also
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10616
Plugin Details
Severity: High
ID: 73057
File Name: junos_pulse_sa_jsa10616.nasl
Version: 1.4
Type: local
Family: Misc.
Published: 3/17/2014
Updated: 7/12/2018
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 7.2
Temporal Score: 5.3
Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: cpe:/o:juniper:ive_os, cpe:/a:juniper:junos_pulse_secure_access_service
Required KB Items: Host/Juniper/IVE OS/Version
Exploit Ease: No known exploits are available
Patch Publication Date: 12/4/2013
Vulnerability Publication Date: 3/12/2014
Reference Information
CVE: CVE-2014-2292
BID: 66379