First published: Wed Oct 09 2019(Updated: )
An Improper Certificate Validation weakness in the SRX Series Application Identification (app-id) signature update client of Juniper Networks Junos OS allows an attacker to perform Man-in-the-Middle (MitM) attacks which may compromise the integrity and confidentiality of the device. This issue affects: Juniper Networks Junos OS 15.1X49 versions prior to 15.1X49-D120 on SRX Series devices. No other versions of Junos OS are affected.
Credit: sirt@juniper.net
Affected Software | Affected Version | How to fix |
---|---|---|
Juniper JUNOS | =15.1x49 | |
Juniper JUNOS | =15.1x49-d10 | |
Juniper JUNOS | =15.1x49-d100 | |
Juniper JUNOS | =15.1x49-d110 | |
Juniper JUNOS | =15.1x49-d20 | |
Juniper JUNOS | =15.1x49-d30 | |
Juniper JUNOS | =15.1x49-d35 | |
Juniper JUNOS | =15.1x49-d40 | |
Juniper JUNOS | =15.1x49-d45 | |
Juniper JUNOS | =15.1x49-d50 | |
Juniper JUNOS | =15.1x49-d55 | |
Juniper JUNOS | =15.1x49-d60 | |
Juniper JUNOS | =15.1x49-d65 | |
Juniper JUNOS | =15.1x49-d70 | |
Juniper JUNOS | =15.1x49-d75 | |
Juniper JUNOS | =15.1x49-d80 | |
Juniper JUNOS | =15.1x49-d90 | |
Juniper Csrx | ||
Juniper Srx100 | ||
Juniper Srx110 | ||
Juniper Srx1400 | ||
Juniper Srx1500 | ||
Juniper Srx210 | ||
Juniper Srx220 | ||
Juniper Srx240 | ||
Juniper Srx300 | ||
Juniper Srx320 | ||
Juniper Srx340 | ||
Juniper Srx3400 | ||
Juniper Srx345 | ||
Juniper Srx3600 | ||
Juniper Srx4100 | ||
Juniper Srx4200 | ||
Juniper Srx4600 | ||
Juniper Srx5400 | ||
Juniper Srx550 | ||
Juniper Srx550 Hm | ||
Juniper Srx5600 | ||
Juniper Srx5800 | ||
Juniper Srx650 | ||
Juniper vSRX |
The following software releases have been updated to resolve this specific issue: 15.1X49-D120, and all subsequent releases.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-0054 is an Improper Certificate Validation weakness in the SRX Series Application Identification (app-id) signature update client of Juniper Networks Junos OS.
The severity of CVE-2019-0054 is high with a CVSS score of 7.4.
CVE-2019-0054 affects Juniper JUNOS versions 15.1x49-d10 to 15.1x49-d90.
CVE-2019-0054 may compromise the integrity and confidentiality of the device and allow Man-in-the-Middle (MitM) attacks.
You can find more information about CVE-2019-0054 in the Juniper Networks knowledge base article JSA10952 and the Juniper Networks Junos OS documentation on security and application identification.