vulnerability

Juniper Junos OS: 2017-10 Security Bulletin: SRX Series: Antivirus updates are downloaded without verification (JSA10822) (CVE-2017-10620)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:N/AC:M/Au:N/C:N/I:P/A:P)	2017-10-12	2017-10-12	2022-03-21

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:P)

Published

2017-10-12

Added

2017-10-12

Modified

2022-03-21

Description

Juniper Networks Junos OS on SRX series devices do not verify the HTTPS server certificate before downloading anti-virus updates. This may allow a man-in-the-middle attacker to inject bogus signatures to cause service disruptions or make the device not detect certain types of attacks. Affected Junos OS releases are: 12.1X46 prior to 12.1X46-D71; 12.3X48 prior to 12.3X48-D55; 15.1X49 prior to 15.1X49-D110;

Solution

juniper-junos-os-upgrade-latest

References

CVE-2017-10620
https://attackerkb.com/topics/CVE-2017-10620
JUNIPER-JSA10822

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today