NVD

Id
26552  
Name
CVE-2015-5369  
Description
Pulse Connect Secure (aka PCS and formerly Juniper PCS) PSC6000, PCS6500, and MAG PSC360 8.1 before 8.1r5, 8.0 before 8.0r13, 7.4 before 7.4r13.5, and 7.1 before 7.1r22.2 and PPS 5.1 before 5.1R5 and 5.0 before 5.0R13, when Hardware Acceleration is enabled, does not properly validate the Finished TLS handshake message, which makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted Finished message.  
Reject
 
CVSS Version
2  
CVSS Score
4.3  
Severity
Medium  
CVSS Base Score
4.3  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:N/I:P/A:N)  
Pub Date
2017-01-19  
Published
2015-08-11  
Modified Date
2015-08-11  
Seq
2015-5369  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
140571 26552 CVE-2015-5369 http://kb.juniper.net/InfoCenter/index?page=content&id=TSB16756  View
140572 26552 CVE-2015-5369 1033166  View
140573 26552 CVE-2015-5369 https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40004  View
140574 26552 CVE-2015-5369 https://vivaldi.net/en-US/blogs/entry/the-poodle-has-friends  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
8721 JVNDB-2015-004041 複数の Pulse Connect Secure 製品における中間者攻撃を実行される脆弱性 Pulse Connect Secure (別名 PCS/旧 Juniper PCS) PSC6000、 PCS6500、および MAG PSC360 は、Hardware Acceleration が有効になっている場合、Finished TLS ハンドシェイクメッセージを適切に検証しないため、中間者攻撃 (man-in-the-middle attack) を実行される脆弱性が存在します。 CVE-2015-5369 82594 CVE-2015-5369 26552 4.3 http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-004041.html 2015-08-01 2015-08-12 View