PT-2017-11415 · Juniper Networks · Junos

Published: 2017-10-13 · Updated: 2019-10-09 · CVE-2017-10620

CVSS v3.1: 7.4 (High)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Junos OS versions 12.1X46 prior to 12.1X46-D71
Junos OS versions 12.3X48 prior to 12.3X48-D55
Junos OS versions 15.1X49 prior to 15.1X49-D110

Description

Juniper Networks Junos OS on SRX series devices does not verify the HTTPS server certificate before downloading anti-virus updates. This allows a man-in-the-middle attacker to inject bogus signatures, potentially causing service disruptions or preventing the device from detecting certain types of attacks.

Recommendations

For Junos OS versions 12.1X46 prior to 12.1X46-D71, update to version 12.1X46-D71 or later.
For Junos OS versions 12.3X48 prior to 12.3X48-D55, update to version 12.3X48-D55 or later.
For Junos OS versions 15.1X49 prior to 15.1X49-D110, update to version 15.1X49-D110 or later.

Fix

Improper Certificate Validation

Weakness Enumeration

Related identifiers

CVE-2017-10620

Affected products

Junos