On Juniper Networks SRX Series and NFX Series, a local authenticated user with access to the shell may obtain the Web API service private key that is used to provide encrypted communication between the Juniper device and the authenticator services. Exploitation of this vulnerability may allow a malicious user to decrypt the communications between the Juniper device and the authenticator service. This Web API service is used for authentication services such as the Juniper Identity Management Service, which is used to obtain user identity for the Integrated User Firewall feature, or the integrated ClearPass authentication and enforcement feature.

This issue affects Juniper Networks Junos OS on SRX Series and NFX Series: 12.3X48 versions before 12.3X48-D105; 15.1X49 versions before 15.1X49-D190; 16.1 versions before 16.1R7-S8; 17.2 versions before 17.2R3-S4; 17.3 versions before 17.3R3-S8; 17.4 versions before 17.4R2-S11, 17.4R3; 18.1 versions before 18.1R3-S7; 18.2 versions before 18.2R3; 18.3 versions before 18.3R2-S4, 18.3R3; 18.4 versions before 18.4R1-S7, 18.4R2; 19.1 versions before 19.1R2; 19.2 versions before 19.2R1-S4, 19.2R2.

Vulnerable Product |
---|
juniper junos 12.3x48 |
juniper junos 15.1x49 |
juniper junos 16.1 |
juniper junos 17.2 |
juniper junos 17.3 |
juniper junos 17.4 |
juniper junos 18.1 |
juniper junos 18.2 |
juniper junos 18.3 |
juniper junos 18.4 |
juniper junos 19.1 |
juniper junos 19.2 |