Published: 11/07/2018 Updated: 09/10/2019

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

When an SRX Series device is configured to use HTTP/HTTPS pass-through authentication services, a client sending authentication credentials in the initial HTTP/HTTPS session is at risk that these credentials may be captured during follow-on HTTP/HTTPS requests by a malicious actor through a man-in-the-middle attack or by authentic servers subverted by malicious actors. FTP, and Telnet pass-through authentication services are not affected. Affected releases are Juniper Networks SRX Series: 12.1X46 versions before 12.1X46-D67 on SRX Series; 12.3X48 versions before 12.3X48-D25 on SRX Series; 15.1X49 versions before 15.1X49-D35 on SRX Series.

Vulnerable Product	Search on Vulmon	Subscribe to Product
juniper junos 12.1x46
juniper junos 12.3x48
juniper junos 15.1x49

NVD-CWE-noinfo https://www.juniper.net/documentation/en_US/junos/topics/example/security-https-traffic-to-trigger-pass-through-authentication-configuring.html https://www.juniper.net/documentation/en_US/junos/topics/example/firewall-user-authentication-pass-through-configuring-cli.html https://www.juniper.net/documentation/en_US/junos/topics/concept/firewall-user-authentication-pass-through-understanding.html https://kb.juniper.net/JSA10858 http://www.securityfocus.com/bid/104719 http://www.securitytracker.com/id/1041316 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-0025

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect