CVE-2019-0054

Name of the Vulnerable Software and Affected Versions Juniper Networks Junos OS versions prior to 15.1X49-D120 on SRX Series devices.

Description The issue is related to an Improper Certificate Validation weakness in the SRX Series Application Identification (app-id) signature update client, allowing an attacker to perform Man-in-the-Middle (MitM) attacks. This may compromise the integrity and confidentiality of the device.

Recommendations For Juniper Networks Junos OS versions prior to 15.1X49-D120 on SRX Series devices, update to version 15.1X49-D120 or later to resolve the issue. As a temporary workaround, consider restricting access to the app-id signature update client until a patch is applied.