CVE-2019-0054
6.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Summary
An Improper Certificate Validation weakness in the SRX Series Application Identification (app-id) signature update client of Juniper Networks Junos OS allows an attacker to perform Man-in-the-Middle (MitM) attacks which may compromise the integrity and confidentiality of the device. This issue affects: Juniper Networks Junos OS 15.1X49 versions prior to 15.1X49-D120 on SRX Series devices. No other versions of Junos OS are affected.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Juniper Networks | Junos OS | 15.1X49 < 15.1X49-D120 | affected |
Weaknesses
- CWE-295: CWE-295 Improper Certificate Validation
- CWE-300: CWE-300 Channel Accessible by Non-Endpoint ('Man-in-the-Middle')
Workarounds
Set the following command in the device for affected releases:
set services application-identification download secure-download
ADP Enrichment
CVE Program Container
Additional References
- https://kb.juniper.net/JSA10952
- https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-application-identification-overview.html
References
- https://kb.juniper.net/JSA10952
- https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-application-identification-overview.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.