CVE-2017-10620 : What You Need to Know

Juniper Networks Junos OS on SRX series devices do not verify the HTTPS server certificate before downloading anti-virus updates, potentially enabling man-in-the-middle attacks.

Understanding CVE-2017-10620

The vulnerability in Juniper Networks Junos OS on SRX series devices allows for the injection of false signatures during anti-virus updates, leading to service disruptions or failure to detect certain attacks.

What is CVE-2017-10620?

The HTTPS server certificate is not verified by Juniper Networks Junos OS on SRX series devices when downloading anti-virus updates, posing a risk of man-in-the-middle attacks.

The Impact of CVE-2017-10620

Attack Complexity: High
Attack Vector: Network
Availability Impact: High
Base Score: 7.4 (High)
Integrity Impact: High

Technical Details of CVE-2017-10620

Vulnerability Description

Juniper Networks Junos OS on SRX series devices lacks HTTPS server certificate verification during anti-virus updates, potentially allowing for malicious injections.

Affected Systems and Versions

Platforms: SRX Series
Product: Junos OS
Affected Versions:
12.1X46 prior to 12.3X46-D71
12.3X48 prior to 12.3X48-D55
15.1X49 prior to 15.1X49-D110

Exploitation Mechanism

The lack of HTTPS server certificate verification in Juniper Networks Junos OS on SRX series devices can be exploited by attackers to inject false signatures during anti-virus updates.

Mitigation and Prevention

Immediate Steps to Take

Update to the following software releases: 12.1X46-D71, 12.1X46-D73, 12.3X48-D55, 15.1X49-D110, 17.4R1, and subsequent versions.
Monitor for security advisories and patches from Juniper Networks.

Long-Term Security Practices

Implement access lists or firewall filters to restrict access to devices from trusted networks.

Patching and Updates

Regularly apply security patches and updates provided by Juniper Networks.