Summary
Junos OS is prone to an OpenSSL man-in-the-middle security bypass vulnerability.
Impact
An attacker in a man-in-the-middle (MITM) position may decrypt and modify traffic between the attacked client and server. The attack can only be performed between a vulnerable client and server.
Solution
New builds of Junos OS software are available from Juniper.
Insight
An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers, which can be exploited to perform a man-in-the-middle attack.
Affected
Junos OS 11.4, 12.1, 12.2, 12.3, 13.1, 13.2 and 13.3
Detection
Check the OS build.
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2014-0224
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P