CVE-2017-10620: SRX Series: Antivirus updates are downloaded without verification
First published: Fri Oct 13 2017(Updated: )
Juniper Networks Junos OS on SRX series devices do not verify the HTTPS server certificate before downloading anti-virus updates. This may allow a man-in-the-middle attacker to inject bogus signatures to cause service disruptions or make the device not detect certain types of attacks. Affected Junos OS releases are: 12.1X46 prior to 12.1X46-D71; 12.3X48 prior to 12.3X48-D55; 15.1X49 prior to 15.1X49-D110;
Credit: sirt@juniper.net
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Junos OS Evolved | =12.1x46 | |
| Junos OS Evolved | =12.1x46-d10 | |
| Junos OS Evolved | =12.1x46-d15 | |
| Junos OS Evolved | =12.1x46-d20 | |
| Junos OS Evolved | =12.1x46-d25 | |
| Junos OS Evolved | =12.1x46-d30 | |
| Junos OS Evolved | =12.1x46-d35 | |
| Junos OS Evolved | =12.1x46-d40 | |
| Junos OS Evolved | =12.1x46-d45 | |
| Junos OS Evolved | =12.1x46-d50 | |
| Junos OS Evolved | =12.1x46-d55 | |
| Junos OS Evolved | =12.1x46-d60 | |
| Junos OS Evolved | =12.1x46-d65 | |
| Juniper SRX100 | ||
| Juniper SRX110 | ||
| Juniper SRX1400 | ||
| Juniper SRX1500 | ||
| Juniper SRX210 | ||
| Juniper SRX220 | ||
| Juniper SRX240 | ||
| Juniper SRX300 | ||
| Juniper SRX320 | ||
| Juniper SRX340 | ||
| Juniper SRX3400 | ||
| Juniper SRX345 | ||
| Juniper SRX3600 | ||
| Juniper SRX4100 | ||
| Juniper SRX4200 | ||
| Juniper SRX5400 | ||
| Juniper SRX550 | ||
| Juniper SRX5600 | ||
| Juniper SRX5800 | ||
| Juniper SRX650 | ||
| Junos OS Evolved | =12.3x48 | |
| Junos OS Evolved | =12.3x48-d10 | |
| Junos OS Evolved | =12.3x48-d15 | |
| Junos OS Evolved | =12.3x48-d20 | |
| Junos OS Evolved | =12.3x48-d25 | |
| Junos OS Evolved | =12.3x48-d30 | |
| Junos OS Evolved | =12.3x48-d35 | |
| Junos OS Evolved | =12.3x48-d40 | |
| Junos OS Evolved | =12.3x48-d45 | |
| Junos OS Evolved | =12.3x48-d50 | |
| Junos OS Evolved | =12.3x48-d55 | |
| Junos OS Evolved | =15.1x49 | |
| Junos OS Evolved | =15.1x49-d10 | |
| Junos OS Evolved | =15.1x49-d100 | |
| Junos OS Evolved | =15.1x49-d20 | |
| Junos OS Evolved | =15.1x49-d30 | |
| Junos OS Evolved | =15.1x49-d35 | |
| Junos OS Evolved | =15.1x49-d40 | |
| Junos OS Evolved | =15.1x49-d45 | |
| Junos OS Evolved | =15.1x49-d50 | |
| Junos OS Evolved | =15.1x49-d55 | |
| Junos OS Evolved | =15.1x49-d60 | |
| Junos OS Evolved | =15.1x49-d65 | |
| Junos OS Evolved | =15.1x49-d70 | |
| Junos OS Evolved | =15.1x49-d75 | |
| Junos OS Evolved | =15.1x49-d80 | |
| Junos OS Evolved | =15.1x49-d90 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-10620?
CVE-2017-10620 has a medium severity because it allows man-in-the-middle attacks that can disrupt services.
How do I fix CVE-2017-10620?
To fix CVE-2017-10620, upgrade to a patched version of Junos OS that verifies HTTPS server certificates before downloading updates.
Which versions of software are affected by CVE-2017-10620?
CVE-2017-10620 affects specific versions of Junos OS 12.1x46 and 12.3x48, along with various updates and patches.
What types of attacks could CVE-2017-10620 facilitate?
CVE-2017-10620 could facilitate service disruptions or failure to detect certain types of attacks via injected bogus signatures.
Is CVE-2017-10620 specific to certain hardware?
CVE-2017-10620 is specific to Juniper Networks SRX series devices running the affected versions of Junos OS.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/references
- agent/title
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/juniper
- canonical/junos os evolved
- version/junos os evolved/12.1x46
- version/junos os evolved/12.1x46-d10
- version/junos os evolved/12.1x46-d15
- version/junos os evolved/12.1x46-d20
- version/junos os evolved/12.1x46-d25
- version/junos os evolved/12.1x46-d30
- version/junos os evolved/12.1x46-d35
- version/junos os evolved/12.1x46-d40
- version/junos os evolved/12.1x46-d45
- version/junos os evolved/12.1x46-d50
- version/junos os evolved/12.1x46-d55
- version/junos os evolved/12.1x46-d60
- version/junos os evolved/12.1x46-d65
- canonical/juniper srx100
- canonical/juniper srx110
- canonical/juniper srx1400
- canonical/juniper srx1500
- canonical/juniper srx210
- canonical/juniper srx220
- canonical/juniper srx240
- canonical/juniper srx300
- canonical/juniper srx320
- canonical/juniper srx340
- canonical/juniper srx3400
- canonical/juniper srx345
- canonical/juniper srx3600
- canonical/juniper srx4100
- canonical/juniper srx4200
- canonical/juniper srx5400
- canonical/juniper srx550
- canonical/juniper srx5600
- canonical/juniper srx5800
- canonical/juniper srx650
- version/junos os evolved/12.3x48
- version/junos os evolved/12.3x48-d10
- version/junos os evolved/12.3x48-d15
- version/junos os evolved/12.3x48-d20
- version/junos os evolved/12.3x48-d25
- version/junos os evolved/12.3x48-d30
- version/junos os evolved/12.3x48-d35
- version/junos os evolved/12.3x48-d40
- version/junos os evolved/12.3x48-d45
- version/junos os evolved/12.3x48-d50
- version/junos os evolved/12.3x48-d55
- version/junos os evolved/15.1x49
- version/junos os evolved/15.1x49-d10
- version/junos os evolved/15.1x49-d100
- version/junos os evolved/15.1x49-d20
- version/junos os evolved/15.1x49-d30
- version/junos os evolved/15.1x49-d35
- version/junos os evolved/15.1x49-d40
- version/junos os evolved/15.1x49-d45
- version/junos os evolved/15.1x49-d50
- version/junos os evolved/15.1x49-d55
- version/junos os evolved/15.1x49-d60
- version/junos os evolved/15.1x49-d65
- version/junos os evolved/15.1x49-d70
- version/junos os evolved/15.1x49-d75
- version/junos os evolved/15.1x49-d80
- version/junos os evolved/15.1x49-d90