PT-2017-11415 · Juniper Networks · Junos
Published: 2017-10-13 · Updated: 2019-10-09 · CVE-2017-10620
CVSS v3.1: 7.4 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Junos OS versions 12.1X46 prior to 12.1X46-D71
Junos OS versions 12.3X48 prior to 12.3X48-D55
Junos OS versions 15.1X49 prior to 15.1X49-D110
Description
Juniper Networks Junos OS on SRX series devices does not verify the HTTPS server certificate before downloading anti-virus updates. This allows a man-in-the-middle attacker to inject bogus signatures, potentially causing service disruptions or preventing the device from detecting certain types of attacks.
Recommendations
For Junos OS versions 12.1X46 prior to 12.1X46-D71, update to version 12.1X46-D71 or later.
For Junos OS versions 12.3X48 prior to 12.3X48-D55, update to version 12.3X48-D55 or later.
For Junos OS versions 15.1X49 prior to 15.1X49-D110, update to version 15.1X49-D110 or later.
Fix
Improper Certificate Validation
Affected Products
Junos