2010-06 Security Bulletin: Secure Access (SA) & Unified Access Control (UAC): Connecting to untrusted SA or UAC

Article ID: JSA10443 SECURITY_ADVISORIES
Last Updated: 30 Nov 2020
Version: 2.0
Legacy Advisory Id:
PSN-2010-05-750
Product Affected:
IVE: SA 500, SA 700, SA 1000, SA 2000, SA 2500, SA 3000, SA 4000, SA 4500, SA 5000, SA 6000, SA 6500, SA 3000 FIPS, SA 4000 FIPS, SA 4500 FIPS, SA 5000 FIPS, SA 6000 FIPS, SA 6500 FIPS
IC: IC4000, IC4500, IC6000, IC6500, IC6500 FIPS
Problem:
SA and UAC use ActiveX controls or Java applets to install and launch client software from a web browser. Because of the inherent problems with using ActiveX controls and Java applets, users can unknowingly connect to an untrusted or rogue SA or UAC, and components can be launched without their knowledge.
Solution:
The Trusted Server List (also known as the allowlist) is a new feature added to address this issue.

Because of the behavioral change and its impact on the end-user environment, Juniper has added this feature in IVE OS release 6.5 and higher and UAC release 3.1 and higher.

Information regarding the Juniper Networks fix policy for security issues can be found in KB16765, "In which releases are vulnerabilities fixed?"
 
Workaround:
None
Modification History:
2010-06-09: Initial Publication
2020-11-06: Updated terminology

CVSS Score:
5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Severity Level:
Medium
Severity Assessment:
- User can unknowingly connect to a rogue SA or IC.

Information on how Juniper Networks uses CVSS can be found in KB 16446, "Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories."
