Published: 11/08/2015 Updated: 11/08/2015
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Pulse Connect Secure (aka PCS and formerly Juniper PCS) PSC6000, PCS6500, and MAG PSC360 8.1 prior to 8.1r5, 8.0 prior to 8.0r13, 7.4 prior to 7.4r13.5, and 7.1 prior to 7.1r22.2 and PPS 5.1 prior to 5.1R5 and 5.0 prior to 5.0R13, when Hardware Acceleration is enabled, does not properly validate the Finished TLS handshake message, which makes it easier for remote malicious users to conduct man-in-the-middle attacks via a crafted Finished message.

Affected Products

Vendor Product Versions
JuniperPulse Connect Secure5.1, 7.1, 7.4, 8.0, 8.1