CVE-2019-0054

High

An Improper Certificate Validation weakness in the SRX Series Application Identification (app-id) signature update client of Juniper…

juniper·CWE-295·Published 2019-10-09

CVSS

7.4

EPSS

0.01

KEV

Exploits

cve.orgen

435 chars

An Improper Certificate Validation weakness in the SRX Series Application Identification (app-id) signature update client of Juniper Networks Junos OS allows an attacker to perform Man-in-the-Middle (MitM) attacks which may compromise the integrity and confidentiality of the device. This issue affects: Juniper Networks Junos OS 15.1X49 versions prior to 15.1X49-D120 on SRX Series devices. No other versions of Junos OS are affected.

NVDen

435 chars

NVDes

513 chars

Una debilidad de Comprobación de Certificado Inapropiada en el cliente de actualización de firma de SRX Series Application Identification (app-id) de Juniper Networks Junos OS, permite a un atacante realizar ataques de tipo Man-in-the-Middle (MitM) que pueden comprometer la integridad y confidencialidad del dispositivo . Este problema afecta a: Juniper Networks Junos OS versiones 15.1X49 anteriores a 15.1X49-D120 en dispositivos de la Serie SRX. Ninguna otra versión del sistema operativo Junos está afectada.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:P/A:N
3.1	Primary	NVD	7.4	2.2	5.2	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
3.1	Primary	cve.org	6.8	—	—	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
3.1	Primary	cve.org	6.8	—	—	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
3.1	Secondary	NVD	6.8	1.6	5.2	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N