CVE-2015-5361

Name of the Vulnerable Software and Affected Versions: SRX (affected versions not specified)

Description: The issue arises from the ftps-extensions option, which is disabled by default. This option is intended to provide functionality similar to regular, unencrypted FTP traffic when the SRX secures the FTP/FTPS client. However, when the SRX secures the FTPS server, the ftps-extensions option can allow an FTPS client temporary access to all TCP ports on the FTPS server. The data session is associated with the control channel and will be closed when the control channel session closes. Depending on the configuration of the FTPS server, supporting load-balancer, and SRX inactivity-timeout values, the server/load-balancer and SRX may keep the control channel open for an extended period, allowing an FTPS client access for an equal duration.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.