VIR Vulnerability Intelligence Relay

CVE-2013-3970

medium
Published 2013-06-13 ยท Modified 2026-04-29
๐Ÿ’ฌ Discuss on Community โœš Propose mitigation
CVSS v3
โ€”
CVSS v4 NEW
โ€”
not yet in upstream
VIR risk
4.3

Description

Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS 7.0r2 through 7.0r8 and 7.1r1 through 7.1r5 and Junos Pulse Access Control Service (aka UAC) with UAC OS 4.1r1 through 4.1r5 include a test Certification Authority (CA) certificate in the Trusted Server CAs list, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging control over that test CA.

Predictions

Exploit likelihood
20%
Patch ETA
โ€”

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ€” if you've already worked around this in production โ€” publish your fix to the community-verified tier.

โœš Propose a mitigation on Community โ†’ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

Application impact
VendorProductVersionsFixed
juniperjunos_pulse_secure_access_service7.0r2
juniperjunos_pulse_secure_access_service7.0r3
juniperjunos_pulse_secure_access_service7.0r4
juniperjunos_pulse_secure_access_service7.0r5
juniperjunos_pulse_secure_access_service7.0r5.1
juniperjunos_pulse_secure_access_service7.0r6
juniperjunos_pulse_secure_access_service7.0r7
juniperjunos_pulse_secure_access_service7.0r8
juniperjunos_pulse_secure_access_service7.1r1
juniperjunos_pulse_secure_access_service7.1r1.1
juniperjunos_pulse_secure_access_service7.1r2
juniperjunos_pulse_secure_access_service7.1r3
juniperjunos_pulse_secure_access_service7.1r4
juniperjunos_pulse_secure_access_service7.1r5
juniperjunos_pulse_access_control_service4.1r1
juniperjunos_pulse_access_control_service4.1r1.1
juniperjunos_pulse_access_control_service4.1r2
juniperjunos_pulse_access_control_service4.1r3
juniperjunos_pulse_access_control_service4.1r4
juniperjunos_pulse_access_control_service4.1r5

References

CWEs

CWE-310

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.