Vulnerability Description
Juniper Networks Junos OS on SRX series devices does not verify the HTTPS server certificate before downloading anti-virus updates. This may allow a man-in-the-middle attacker to inject bogus signatures, causing service disruptions or preventing the device from detecting certain types of attacks. Affected Junos OS releases are: 12.1X46 prior to 12.1X46-D71; 12.3X48 prior to 12.3X48-D55; 15.1X49 prior to 15.1X49-D110.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Juniper | Junos | 12.1X46 |
| Juniper | SRX100 | - |
| Juniper | SRX110 | - |
| Juniper | SRX1400 | - |
| Juniper | SRX1500 | - |
| Juniper | SRX210 | - |
| Juniper | SRX220 | - |
| Juniper | SRX240 | - |
| Juniper | SRX300 | - |
| Juniper | SRX320 | - |
| Juniper | SRX340 | - |
| Juniper | SRX3400 | - |
| Juniper | SRX345 | - |
| Juniper | SRX3600 | - |
| Juniper | SRX4100 | - |
| Juniper | SRX4200 | - |
| Juniper | SRX5400 | - |
| Juniper | SRX550 | - |
| Juniper | SRX5600 | - |
| Juniper | SRX5800 | - |
References
- https://kb.juniper.net/JSA10822 (Vendor Advisory)
FAQ
What is CVE-2017-10620?
CVE-2017-10620 is a vulnerability with a CVSS score of 7.4 (HIGH). Juniper Networks Junos OS on SRX series devices does not verify the HTTPS server certificate before downloading anti-virus updates. This may allow a man-in-the-middle attacker to inject bogus signatures...
How severe is CVE-2017-10620?
CVE-2017-10620 has been rated HIGH with a CVSS base score of 7.4/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2017-10620?
Check the references section above for vendor advisories and patch information. Affected products include: Juniper Junos, Juniper SRX100, Juniper SRX110, Juniper SRX1400, Juniper SRX1500.