Juniper Networks Junos OS on SRX series devices do not verify the HTTPS server certificate before downloading anti-virus updates. This may allow a man-in-the-middle malicious user to inject bogus signatures to cause service disruptions or make the device not detect certain types of attacks. Affected Junos OS releases are: 12.1X46 before 12.1X46-D71; 12.3X48 before 12.3X48-D55; 15.1X49 before 15.1X49-D110;
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
juniper junos 12.1x46 |
||
juniper junos 12.3x48 |
||
juniper junos 15.1x49 |