CVE-2018-0025

Name of the Vulnerable Software and Affected Versions: Juniper Networks SRX Series versions prior to 12.1X46-D67 Juniper Networks SRX Series versions prior to 12.3X48-D25 Juniper Networks SRX Series versions prior to 15.1X49-D35

Description: The issue affects devices configured to use HTTP/HTTPS pass-through authentication services, where a client's authentication credentials in the initial HTTP/HTTPS session may be captured by a malicious actor through a man-in-the-middle attack or by authentic servers subverted by malicious actors. FTP and Telnet pass-through authentication services are not affected.

Recommendations: For versions prior to 12.1X46-D67, update to 12.1X46-D67 or later. For versions prior to 12.3X48-D25, update to 12.3X48-D25 or later. For versions prior to 15.1X49-D35, update to 15.1X49-D35 or later.