PT-2018-8573 · Juniper Networks · Srx Series+1
Published
2018-07-11
·
Updated
2019-10-09
·
CVE-2018-0025
CVSS v3.1
8.1
High
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Juniper Networks SRX Series versions prior to 12.1X46-D67
Juniper Networks SRX Series versions prior to 12.3X48-D25
Juniper Networks SRX Series versions prior to 15.1X49-D35
Description:
The issue affects devices configured to use HTTP/HTTPS pass-through authentication services, where a client's authentication credentials in the initial HTTP/HTTPS session may be captured by a malicious actor through a man-in-the-middle attack or by authentic servers subverted by malicious actors. FTP and Telnet pass-through authentication services are not affected.
Recommendations:
For versions prior to 12.1X46-D67, update to 12.1X46-D67 or later.
For versions prior to 12.3X48-D25, update to 12.3X48-D25 or later.
For versions prior to 15.1X49-D35, update to 15.1X49-D35 or later.
Fix
Cleartext Transmission of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Junos
Srx Series