CVE-2017-2342

Name of the Vulnerable Software and Affected Versions Junos OS versions prior to 15.1X49-D100 on SRX300 series

Description The MACsec feature on Juniper Networks Junos OS does not report errors when a secure link cannot be established, falling back to an unencrypted link instead. This can occur when MACsec is configured on ports that are not capable of MACsec or when a secure link cannot be established, potentially misleading customers into believing that a link is secure.

Recommendations For Junos OS versions prior to 15.1X49-D100 on SRX300 series, update to version 15.1X49-D100 or later to resolve the issue. As a temporary workaround, consider avoiding the configuration of MACsec on ports that are not MACsec capable to minimize the risk of exploitation.