CVE-2019-0054 — Improper Certificate Validation in Networks Junos OS

CWE-295 — Improper Certificate Validation CWE-300 — Channel Accessible by Non-Endpoint3 documents3 sources

Severity

7.4HIGHNVD

EPSS

0.1%

top 76.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Junos Juniper Junos OS +1 more

Timeline

PublishedOct 9

Latest updateMay 24

Description

An Improper Certificate Validation weakness in the SRX Series Application Identification (app-id) signature update client of Juniper Networks Junos OS allows an attacker to perform Man-in-the-Middle (MitM) attacks which may compromise the integrity and confidentiality of the device. This issue affects: Juniper Networks Junos OS 15.1X49 versions prior to 15.1X49-D120 on SRX Series devices. No other versions of Junos OS are affected.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 2.2 | Impact: 5.2

Affected Packages4 packages

▶CVEListV5juniper_networks/junos_os15.1X49 — 15.1X49-D120

▶NVDjuniper/junos15.1x49

▶juniperjuniper/junos_os

▶juniperjuniper/srx_series

🔴Vulnerability Details

GHSA

GHSA-5fw8-5jwx-qwh6: An Improper Certificate Validation weakness in the SRX Series Application Identification (app-id) signature update client of Juniper Networks Junos OS↗2022-05-24

▶

📋Vendor Advisories

Juniper

CVE-2019-0054: An Improper Certificate Validation weakness in the SRX Series Application Identification (app-id) signature update client of Juniper Networks Junos OS↗2019-10-09

▶