CVE-2015-5361
Vulnerability from cvelistv5
Published
2020-02-28 22:25
Modified
2024-09-16 16:39
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Summary
Background For regular, unencrypted FTP traffic, the FTP ALG can inspect the unencrypted control channel and open related sessions for the FTP data channel. These related sessions (gates) are specific to source and destination IPs and ports of client and server. The design intent of the ftps-extensions option (which is disabled by default) is to provide similar functionality when the SRX secures the FTP/FTPS client. As the control channel is encrypted, the FTP ALG cannot inspect the port specific information and will open a wider TCP data channel (gate) from client IP to server IP on all destination TCP ports. In FTP/FTPS client environments to an enterprise network or the Internet, this is the desired behavior as it allows firewall policy to be written to FTP/FTPS servers on well-known control ports without using a policy with destination IP ANY and destination port ANY. Issue The ftps-extensions option is not intended or recommended where the SRX secures the FTPS server, as the wide data channel session (gate) will allow the FTPS client temporary access to all TCP ports on the FTPS server. The data session is associated to the control channel and will be closed when the control channel session closes. Depending on the configuration of the FTPS server, supporting load-balancer, and SRX inactivity-timeout values, the server/load-balancer and SRX may keep the control channel open for an extended period of time, allowing an FTPS client access for an equal duration.​ Note that the ftps-extensions option is not enabled by default.
References
cve@mitre.orghttps://kb.juniper.net/JSA10706Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://kb.juniper.net/JSA10706Vendor Advisory
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:41:09.297Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA10706"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-10-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Background For regular, unencrypted FTP traffic, the FTP ALG can inspect the unencrypted control channel and open related sessions for the FTP data channel. These related sessions (gates) are specific to source and destination IPs and ports of client and server. The design intent of the ftps-extensions option (which is disabled by default) is to provide similar functionality when the SRX secures the FTP/FTPS client. As the control channel is encrypted, the FTP ALG cannot inspect the port specific information and will open a wider TCP data channel (gate) from client IP to server IP on all destination TCP ports. In FTP/FTPS client environments to an enterprise network or the Internet, this is the desired behavior as it allows firewall policy to be written to FTP/FTPS servers on well-known control ports without using a policy with destination IP ANY and destination port ANY. Issue The ftps-extensions option is not intended or recommended where the SRX secures the FTPS server, as the wide data channel session (gate) will allow the FTPS client temporary access to all TCP ports on the FTPS server. The data session is associated to the control channel and will be closed when the control channel session closes. Depending on the configuration of the FTPS server, supporting load-balancer, and SRX inactivity-timeout values, the server/load-balancer and SRX may keep the control channel open for an extended period of time, allowing an FTPS client access for an equal duration.\u200b Note that the ftps-extensions option is not enabled by default."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-22T21:35:09",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/JSA10706"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "The overall behavior of the FTP ALG with the ftps-extensions option is intended behavior and will not change. The key component to this advisory is increasing user awareness of the wide TCP data channel (gate) creation, allowing creation of any new sessions from client to server, and potential implications where the SRX protects the FTPS server and the server/load-balancer allows the control channel to remain open for an extended period.\n\nInvestigation into the issue identified two issues applicable to environments where the SRX protects both FTPS clients and servers, as well as uses FTP and FTPS over the same TCP ports to different servers.\n\n\u200bDue to the recent changes of OpenSSL, the FTP ALG without the ftps-extensions option may block FTPS commands over the FTP control channel. This is client and server specific, and was observed with FTPS clients that use recent versions of OpenSSL. This may result in security administrators enabling the ftps-extensions option with the intent of allowing the commands to pass, but inadvertently allowing wide gate creation. This was observed in a configuration with simultaneous FTPS client/server use, with use of the same ports for FTP and FTPS traffic.\n\nThe ftps-extension option is not supported when the SRX performs a destination NAT of the FTPS server, as the ALG cannot inspect the control channel to modify the server\u2019s IP address signaled to the client. In an environment of simultaneous FTP and FTPS server use with the ftps-extensions option enabled, the gate is created but is generally unusable by the FTPS client. However, an FTPS client with knowledge of the server\u2019s real IP address, its NAT\u2019d IP address, and routing reachability to the server\u2019s real IP address may be able to use the wide gate to reach the FTPS server.\nThe software releases listed below resolves these issues as follows:\n\nThe FTP ALG without the ftps-extensions option will allow FTPS related commands to pass over the FTP control channel. As the ftps-extension option is not enabled, the wide TCP data channel is not created.\n\nIf the FTPS server is NAT\u2019d by the SRX (destination or static NAT), the wide TCP data channel is not created."
        },
        {
          "lang": "en",
          "value": "The following software releases have been updated to resolve these specific issues: Junos OS 12.1X44-D55, 12.1X46-D40, 12.1X47-D25, 12.3X48-D15, 15.1X49-D10, and all subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA10706",
        "defect": [
          "1067419"
        ],
        "discovery": "USER"
      },
      "title": "Junos: FTPS through SRX opens up wide range of data channel TCP ports",
      "workarounds": [
        {
          "lang": "en",
          "value": "Do not enable the \u0027ftps-extensions\u0027 option if FTPS is not needed.\u200b The \u0027ftps-extensions\u0027 option is disabled by default.\u200b"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "DATE_PUBLIC": "2015-10-14T16:00:00.000Z",
          "ID": "CVE-2015-5361",
          "STATE": "PUBLIC",
          "TITLE": "Junos: FTPS through SRX opens up wide range of data channel TCP ports"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Background For regular, unencrypted FTP traffic, the FTP ALG can inspect the unencrypted control channel and open related sessions for the FTP data channel. These related sessions (gates) are specific to source and destination IPs and ports of client and server. The design intent of the ftps-extensions option (which is disabled by default) is to provide similar functionality when the SRX secures the FTP/FTPS client. As the control channel is encrypted, the FTP ALG cannot inspect the port specific information and will open a wider TCP data channel (gate) from client IP to server IP on all destination TCP ports. In FTP/FTPS client environments to an enterprise network or the Internet, this is the desired behavior as it allows firewall policy to be written to FTP/FTPS servers on well-known control ports without using a policy with destination IP ANY and destination port ANY. Issue The ftps-extensions option is not intended or recommended where the SRX secures the FTPS server, as the wide data channel session (gate) will allow the FTPS client temporary access to all TCP ports on the FTPS server. The data session is associated to the control channel and will be closed when the control channel session closes. Depending on the configuration of the FTPS server, supporting load-balancer, and SRX inactivity-timeout values, the server/load-balancer and SRX may keep the control channel open for an extended period of time, allowing an FTPS client access for an equal duration.\u200b Note that the ftps-extensions option is not enabled by default."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/JSA10706",
              "refsource": "CONFIRM",
              "url": "https://kb.juniper.net/JSA10706"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "The overall behavior of the FTP ALG with the ftps-extensions option is intended behavior and will not change. The key component to this advisory is increasing user awareness of the wide TCP data channel (gate) creation, allowing creation of any new sessions from client to server, and potential implications where the SRX protects the FTPS server and the server/load-balancer allows the control channel to remain open for an extended period.\n\nInvestigation into the issue identified two issues applicable to environments where the SRX protects both FTPS clients and servers, as well as uses FTP and FTPS over the same TCP ports to different servers.\n\n\u200bDue to the recent changes of OpenSSL, the FTP ALG without the ftps-extensions option may block FTPS commands over the FTP control channel. This is client and server specific, and was observed with FTPS clients that use recent versions of OpenSSL. This may result in security administrators enabling the ftps-extensions option with the intent of allowing the commands to pass, but inadvertently allowing wide gate creation. This was observed in a configuration with simultaneous FTPS client/server use, with use of the same ports for FTP and FTPS traffic.\n\nThe ftps-extension option is not supported when the SRX performs a destination NAT of the FTPS server, as the ALG cannot inspect the control channel to modify the server\u2019s IP address signaled to the client. In an environment of simultaneous FTP and FTPS server use with the ftps-extensions option enabled, the gate is created but is generally unusable by the FTPS client. However, an FTPS client with knowledge of the server\u2019s real IP address, its NAT\u2019d IP address, and routing reachability to the server\u2019s real IP address may be able to use the wide gate to reach the FTPS server.\nThe software releases listed below resolves these issues as follows:\n\nThe FTP ALG without the ftps-extensions option will allow FTPS related commands to pass over the FTP control channel. As the ftps-extension option is not enabled, the wide TCP data channel is not created.\n\nIf the FTPS server is NAT\u2019d by the SRX (destination or static NAT), the wide TCP data channel is not created."
          },
          {
            "lang": "en",
            "value": "The following software releases have been updated to resolve these specific issues: Junos OS 12.1X44-D55, 12.1X46-D40, 12.1X47-D25, 12.3X48-D15, 15.1X49-D10, and all subsequent releases."
          }
        ],
        "source": {
          "advisory": "JSA10706",
          "defect": [
            "1067419"
          ],
          "discovery": "USER"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "Do not enable the \u0027ftps-extensions\u0027 option if FTPS is not needed.\u200b The \u0027ftps-extensions\u0027 option is disabled by default.\u200b"
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-5361",
    "datePublished": "2020-02-28T22:25:24.967247Z",
    "dateReserved": "2015-07-01T00:00:00",
    "dateUpdated": "2024-09-16T16:39:13.197Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:12.1x44:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"86141A33-344E-4152-8B76-2DB383954F02\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:12.1x44:d10:*:*:*:*:*:*\", \"matchCriteriaId\": \"AC405A12-112D-4C9D-90DA-6ED484109793\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:12.1x44:d15:*:*:*:*:*:*\", \"matchCriteriaId\": \"3FC42F2D-7593-4DBE-AE89-A6B78E7F9089\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:12.1x44:d20:*:*:*:*:*:*\", \"matchCriteriaId\": \"731A6469-3DE0-491A-BCC5-7642FB347ACE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:12.1x44:d25:*:*:*:*:*:*\", \"matchCriteriaId\": \"D12A8119-3E59-4062-9A04-1F6EA48B78E9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:12.1x44:d30:*:*:*:*:*:*\", \"matchCriteriaId\": \"E8B33B80-3189-4412-BFE0-359E755AB07A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:12.1x44:d35:*:*:*:*:*:*\", \"matchCriteriaId\": \"C0E8F87E-DEB2-4849-ABB5-75A67CFD2D39\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:12.1x44:d40:*:*:*:*:*:*\", \"matchCriteriaId\": \"BDE231CE-0D93-4293-8720-4CCEE2EA651E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:12.1x44:d45:*:*:*:*:*:*\", \"matchCriteriaId\": \"74253C79-C13F-4FBD-B173-8E87A62845DD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:12.1x44:d50:*:*:*:*:*:*\", \"matchCriteriaId\": \"96831D1B-881B-4B18-A330-9E32A0D21148\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:12.1x46:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"92F31F7F-02E0-4E63-A600-DF8AB4E3BAA3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:12.1x46:d10:*:*:*:*:*:*\", \"matchCriteriaId\": \"A71742CF-50B1-44BB-AB7B-27E5DCC9CF70\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:12.1x46:d15:*:*:*:*:*:*\", \"matchCriteriaId\": \"4FD4237A-C257-4D8A-ABC4-9B2160530A4E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:12.1x46:d20:*:*:*:*:*:*\", \"matchCriteriaId\": \"5A449C87-C5C3-48FE-9E46-64ED5DD5F193\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:12.1x46:d25:*:*:*:*:*:*\", \"matchCriteriaId\": \"F4B6215F-76BF-473F-B325-0975B0EB101E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:12.1x46:d30:*:*:*:*:*:*\", \"matchCriteriaId\": \"A1C4A10C-49A3-4103-9E56-F881113BC5D7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:12.1x46:d35:*:*:*:*:*:*\", \"matchCriteriaId\": \"50E7FD07-A309-48EC-A520-C7F0FA35865C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:12.1x46-d10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A6390879-1AB9-4B11-A8A8-6B914F52EB83\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:12.1x47:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"ABBEDB3F-5FD1-4290-A80A-7EAD9B9C38C4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:12.1x47:d10:*:*:*:*:*:*\", \"matchCriteriaId\": \"181C0D30-4476-48EE-A4A4-3B2461F4AC20\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:12.1x47:d15:*:*:*:*:*:*\", \"matchCriteriaId\": \"63F559A2-2744-4771-9420-C70AA87496A2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:12.1x47:d20:*:*:*:*:*:*\", \"matchCriteriaId\": \"040A6307-236E-4FAA-9A74-676F1DB0CF17\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:12.3x48:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"AC1FED64-8725-4978-9EBF-E3CD8EF338E4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:12.3x48:d10:*:*:*:*:*:*\", \"matchCriteriaId\": \"4B7066A4-CD05-4E1A-89E8-71B4CB92CFF3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:12.3x48:d15:*:*:*:*:*:*\", \"matchCriteriaId\": \"A4AC2E1E-74FB-4DA3-8292-B2079F83FF54\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:15.1x49:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"27A6BF09-ABBF-4126-ADD6-B174937F8554\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:juniper:srx100:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"561C1113-3D59-4DD9-ADA7-3C9ECC4632EC\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:juniper:srx110:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"78C6D8A0-92D3-4FD3-BCC1-CC7C87B76317\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:juniper:srx1400:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"927EAB8B-EC3B-4B12-85B9-5517EBA49A30\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:juniper:srx1500:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2CEBF85C-736A-4E7D-956A-3E8210D4F70B\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:juniper:srx210:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CD647C15-A686-4C8F-A766-BC29404C0FED\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:juniper:srx220:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"45AB1622-1AED-4CD7-98F1-67779CDFC321\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:juniper:srx240:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"89276D88-3B8D-4168-A2CD-0920297485F2\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:juniper:srx240h2:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E020556B-693F-4963-BA43-3164AB50FA49\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:juniper:srx300:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BB5AB24B-2B43-43DD-AE10-F758B4B19F2A\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:juniper:srx320:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"80F9DC32-5ADF-4430-B1A6-357D0B29DB78\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:juniper:srx340:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8B82D4C4-7A65-409A-926F-33C054DCBFBA\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:juniper:srx3400:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"746C3882-2A5B-4215-B259-EB1FD60C513D\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:juniper:srx345:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CE535749-F4CE-4FFA-B23D-BF09C92481E5\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:juniper:srx3600:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DDE64EC0-7E42-43AF-A8FA-1A233BD3E3BC\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:juniper:srx380:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2305DA9D-E6BA-48F4-80CF-9E2DE7661B2F\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:juniper:srx4000:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"06A03463-6B1D-4DBA-9E89-CAD5E899B98B\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:juniper:srx4100:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3AA8999C-8AE4-416F-BA2A-B1A21F33B4D7\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:juniper:srx4200:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CCC5F6F5-4347-49D3-909A-27A3A96D36C9\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:juniper:srx4600:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"56BA6B86-D3F4-4496-AE46-AC513C6560FA\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:juniper:srx5000:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5ABA347C-3EF3-4F75-B4D1-54590A57C2BC\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:juniper:srx5400:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2FDDC897-747F-44DD-9599-7266F9B5B7B1\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:juniper:srx550:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"62FC145A-D477-4C86-89E7-F70F52773801\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:juniper:srx550_hm:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"06685D0E-A075-49A5-9EF4-34F0F795C8C6\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:juniper:srx550m:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"52F0B735-8C49-4B08-950A-296C9CDE43CA\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:juniper:srx5600:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"68CA098D-CBE4-4E62-9EC0-43E1B6098710\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:juniper:srx5800:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"66F474D4-79B6-4525-983C-9A9011BD958B\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:juniper:srx650:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8AA424D4-4DBF-4E8C-96B8-E37741B5403E\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Background For regular, unencrypted FTP traffic, the FTP ALG can inspect the unencrypted control channel and open related sessions for the FTP data channel. These related sessions (gates) are specific to source and destination IPs and ports of client and server. The design intent of the ftps-extensions option (which is disabled by default) is to provide similar functionality when the SRX secures the FTP/FTPS client. As the control channel is encrypted, the FTP ALG cannot inspect the port specific information and will open a wider TCP data channel (gate) from client IP to server IP on all destination TCP ports. In FTP/FTPS client environments to an enterprise network or the Internet, this is the desired behavior as it allows firewall policy to be written to FTP/FTPS servers on well-known control ports without using a policy with destination IP ANY and destination port ANY. Issue The ftps-extensions option is not intended or recommended where the SRX secures the FTPS server, as the wide data channel session (gate) will allow the FTPS client temporary access to all TCP ports on the FTPS server. The data session is associated to the control channel and will be closed when the control channel session closes. Depending on the configuration of the FTPS server, supporting load-balancer, and SRX inactivity-timeout values, the server/load-balancer and SRX may keep the control channel open for an extended period of time, allowing an FTPS client access for an equal duration.\\u200b Note that the ftps-extensions option is not enabled by default.\"}, {\"lang\": \"es\", \"value\": \"Background por lo regular en, el trafico FTP no cifrado, el ALG FTP puede inspeccionar el canal de control no cifrado y abrir sesiones relacionadas para el canal de datos FTP. Estas sesiones relacionadas (gates) son espec\\u00edficas para las IPs de origen y destino y los puertos del cliente y del servidor. La intenci\\u00f3n del dise\\u00f1o de la opci\\u00f3n ftps-extensions (que est\\u00e1 desactivada por defecto) es proporcionar una funcionalidad similar cuando el SRX asegura el cliente FTP/FTPS. Como el canal de control est\\u00e1 cifrado, el ALG de FTP no puede inspeccionar la informaci\\u00f3n espec\\u00edfica del puerto y abrir\\u00e1 un canal de datos TCP m\\u00e1s amplio (puerta) desde la IP del cliente a la IP del servidor en todos los puertos TCP de destino. En entornos de clientes FTP/FTPS a una red empresarial o a Internet, este es el comportamiento deseado, ya que permite escribir la pol\\u00edtica del cortafuegos a los servidores FTP/FTPS en puertos de control conocidos sin utilizar una pol\\u00edtica con IP de destino ANY y puerto de destino ANY. Problema La opci\\u00f3n ftps-extensions no est\\u00e1 pensada ni recomendada cuando el SRX protege el servidor FTPS, ya que la sesi\\u00f3n de canal de datos amplio (puerta) permitir\\u00e1 al cliente FTPS acceder temporalmente a todos los puertos TCP del servidor FTPS. La sesi\\u00f3n de datos est\\u00e1 asociada al canal de control y se cerrar\\u00e1 cuando se cierre la sesi\\u00f3n del canal de control. Dependiendo de la configuraci\\u00f3n del servidor FTPS, del balanceador de carga que lo soporta y de los valores de tiempo de espera de inactividad del SRX, el servidor/balanceador de carga y el SRX pueden mantener el canal de control abierto durante un periodo de tiempo prolongado, permitiendo el acceso de un cliente FTPS durante un periodo igual. Nota la opci\\u00f3n ftps-extensions no est\\u00e1 habilitada por defecto\"}]",
      "id": "CVE-2015-5361",
      "lastModified": "2024-11-21T02:32:52.517",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"cve@mitre.org\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 2.5}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 2.5}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:N\", \"baseScore\": 5.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-02-28T23:15:11.103",
      "references": "[{\"url\": \"https://kb.juniper.net/JSA10706\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://kb.juniper.net/JSA10706\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-326\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-5361\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2020-02-28T23:15:11.103\",\"lastModified\":\"2024-11-21T02:32:52.517\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Background For regular, unencrypted FTP traffic, the FTP ALG can inspect the unencrypted control channel and open related sessions for the FTP data channel. These related sessions (gates) are specific to source and destination IPs and ports of client and server. The design intent of the ftps-extensions option (which is disabled by default) is to provide similar functionality when the SRX secures the FTP/FTPS client. As the control channel is encrypted, the FTP ALG cannot inspect the port specific information and will open a wider TCP data channel (gate) from client IP to server IP on all destination TCP ports. In FTP/FTPS client environments to an enterprise network or the Internet, this is the desired behavior as it allows firewall policy to be written to FTP/FTPS servers on well-known control ports without using a policy with destination IP ANY and destination port ANY. Issue The ftps-extensions option is not intended or recommended where the SRX secures the FTPS server, as the wide data channel session (gate) will allow the FTPS client temporary access to all TCP ports on the FTPS server. The data session is associated to the control channel and will be closed when the control channel session closes. Depending on the configuration of the FTPS server, supporting load-balancer, and SRX inactivity-timeout values, the server/load-balancer and SRX may keep the control channel open for an extended period of time, allowing an FTPS client access for an equal duration.\u200b Note that the ftps-extensions option is not enabled by default.\"},{\"lang\":\"es\",\"value\":\"Background por lo regular en, el trafico FTP no cifrado, el ALG FTP puede inspeccionar el canal de control no cifrado y abrir sesiones relacionadas para el canal de datos FTP. Estas sesiones relacionadas (gates) son espec\u00edficas para las IPs de origen y destino y los puertos del cliente y del servidor. La intenci\u00f3n del dise\u00f1o de la opci\u00f3n ftps-extensions (que est\u00e1 desactivada por defecto) es proporcionar una funcionalidad similar cuando el SRX asegura el cliente FTP/FTPS. Como el canal de control est\u00e1 cifrado, el ALG de FTP no puede inspeccionar la informaci\u00f3n espec\u00edfica del puerto y abrir\u00e1 un canal de datos TCP m\u00e1s amplio (puerta) desde la IP del cliente a la IP del servidor en todos los puertos TCP de destino. En entornos de clientes FTP/FTPS a una red empresarial o a Internet, este es el comportamiento deseado, ya que permite escribir la pol\u00edtica del cortafuegos a los servidores FTP/FTPS en puertos de control conocidos sin utilizar una pol\u00edtica con IP de destino ANY y puerto de destino ANY. Problema La opci\u00f3n ftps-extensions no est\u00e1 pensada ni recomendada cuando el SRX protege el servidor FTPS, ya que la sesi\u00f3n de canal de datos amplio (puerta) permitir\u00e1 al cliente FTPS acceder temporalmente a todos los puertos TCP del servidor FTPS. La sesi\u00f3n de datos est\u00e1 asociada al canal de control y se cerrar\u00e1 cuando se cierre la sesi\u00f3n del canal de control. Dependiendo de la configuraci\u00f3n del servidor FTPS, del balanceador de carga que lo soporta y de los valores de tiempo de espera de inactividad del SRX, el servidor/balanceador de carga y el SRX pueden mantener el canal de control abierto durante un periodo de tiempo prolongado, permitiendo el acceso de un cliente FTPS durante un periodo igual. Nota la opci\u00f3n ftps-extensions no est\u00e1 habilitada por defecto\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cve@mitre.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":2.5},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":2.5}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:N\",\"baseScore\":5.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-326\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:12.1x44:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"86141A33-344E-4152-8B76-2DB383954F02\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:12.1x44:d10:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC405A12-112D-4C9D-90DA-6ED484109793\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:12.1x44:d15:*:*:*:*:*:*\",\"matchCriteriaId\":\"3FC42F2D-7593-4DBE-AE89-A6B78E7F9089\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:12.1x44:d20:*:*:*:*:*:*\",\"matchCriteriaId\":\"731A6469-3DE0-491A-BCC5-7642FB347ACE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:12.1x44:d25:*:*:*:*:*:*\",\"matchCriteriaId\":\"D12A8119-3E59-4062-9A04-1F6EA48B78E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:12.1x44:d30:*:*:*:*:*:*\",\"matchCriteriaId\":\"E8B33B80-3189-4412-BFE0-359E755AB07A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:12.1x44:d35:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0E8F87E-DEB2-4849-ABB5-75A67CFD2D39\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:12.1x44:d40:*:*:*:*:*:*\",\"matchCriteriaId\":\"BDE231CE-0D93-4293-8720-4CCEE2EA651E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:12.1x44:d45:*:*:*:*:*:*\",\"matchCriteriaId\":\"74253C79-C13F-4FBD-B173-8E87A62845DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:12.1x44:d50:*:*:*:*:*:*\",\"matchCriteriaId\":\"96831D1B-881B-4B18-A330-9E32A0D21148\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:12.1x46:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"92F31F7F-02E0-4E63-A600-DF8AB4E3BAA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:12.1x46:d10:*:*:*:*:*:*\",\"matchCriteriaId\":\"A71742CF-50B1-44BB-AB7B-27E5DCC9CF70\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:12.1x46:d15:*:*:*:*:*:*\",\"matchCriteriaId\":\"4FD4237A-C257-4D8A-ABC4-9B2160530A4E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:12.1x46:d20:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A449C87-C5C3-48FE-9E46-64ED5DD5F193\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:12.1x46:d25:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4B6215F-76BF-473F-B325-0975B0EB101E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:12.1x46:d30:*:*:*:*:*:*\",\"matchCriteriaId\":\"A1C4A10C-49A3-4103-9E56-F881113BC5D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:12.1x46:d35:*:*:*:*:*:*\",\"matchCriteriaId\":\"50E7FD07-A309-48EC-A520-C7F0FA35865C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:12.1x46-d10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6390879-1AB9-4B11-A8A8-6B914F52EB83\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:12.1x47:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"ABBEDB3F-5FD1-4290-A80A-7EAD9B9C38C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:12.1x47:d10:*:*:*:*:*:*\",\"matchCriteriaId\":\"181C0D30-4476-48EE-A4A4-3B2461F4AC20\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:12.1x47:d15:*:*:*:*:*:*\",\"matchCriteriaId\":\"63F559A2-2744-4771-9420-C70AA87496A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:12.1x47:d20:*:*:*:*:*:*\",\"matchCriteriaId\":\"040A6307-236E-4FAA-9A74-676F1DB0CF17\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:12.3x48:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC1FED64-8725-4978-9EBF-E3CD8EF338E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:12.3x48:d10:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B7066A4-CD05-4E1A-89E8-71B4CB92CFF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:12.3x48:d15:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4AC2E1E-74FB-4DA3-8292-B2079F83FF54\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1x49:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"27A6BF09-ABBF-4126-ADD6-B174937F8554\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:srx100:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"561C1113-3D59-4DD9-ADA7-3C9ECC4632EC\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:srx110:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"78C6D8A0-92D3-4FD3-BCC1-CC7C87B76317\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:srx1400:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"927EAB8B-EC3B-4B12-85B9-5517EBA49A30\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:srx1500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CEBF85C-736A-4E7D-956A-3E8210D4F70B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:srx210:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD647C15-A686-4C8F-A766-BC29404C0FED\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:srx220:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45AB1622-1AED-4CD7-98F1-67779CDFC321\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:srx240:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"89276D88-3B8D-4168-A2CD-0920297485F2\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:srx240h2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E020556B-693F-4963-BA43-3164AB50FA49\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:srx300:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB5AB24B-2B43-43DD-AE10-F758B4B19F2A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:srx320:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80F9DC32-5ADF-4430-B1A6-357D0B29DB78\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:srx340:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B82D4C4-7A65-409A-926F-33C054DCBFBA\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:srx3400:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"746C3882-2A5B-4215-B259-EB1FD60C513D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:srx345:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE535749-F4CE-4FFA-B23D-BF09C92481E5\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:srx3600:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DDE64EC0-7E42-43AF-A8FA-1A233BD3E3BC\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:srx380:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2305DA9D-E6BA-48F4-80CF-9E2DE7661B2F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:srx4000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"06A03463-6B1D-4DBA-9E89-CAD5E899B98B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:srx4100:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3AA8999C-8AE4-416F-BA2A-B1A21F33B4D7\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:srx4200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCC5F6F5-4347-49D3-909A-27A3A96D36C9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:srx4600:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56BA6B86-D3F4-4496-AE46-AC513C6560FA\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:srx5000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5ABA347C-3EF3-4F75-B4D1-54590A57C2BC\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:srx5400:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FDDC897-747F-44DD-9599-7266F9B5B7B1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:srx550:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62FC145A-D477-4C86-89E7-F70F52773801\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:srx550_hm:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"06685D0E-A075-49A5-9EF4-34F0F795C8C6\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:srx550m:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"52F0B735-8C49-4B08-950A-296C9CDE43CA\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:srx5600:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"68CA098D-CBE4-4E62-9EC0-43E1B6098710\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:srx5800:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"66F474D4-79B6-4525-983C-9A9011BD958B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:srx650:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8AA424D4-4DBF-4E8C-96B8-E37741B5403E\"}]}]}],\"references\":[{\"url\":\"https://kb.juniper.net/JSA10706\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://kb.juniper.net/JSA10706\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.