漏洞标题
Junos OS:MX 系列带有 SPC3,以及 SRX 系列:当使用“hmac-sha-384”和“hmac-sha-512”配置IPsec身份验证时,不会对流量进行身份验证
漏洞描述信息
N/A
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
漏洞类别
关键功能的认证机制缺失
漏洞标题
Junos OS: MX Series with SPC3, and SRX Series: When IPsec authentication is configured with "hmac-sha-384" and "hmac-sha-512" no authentication of traffic is performed
漏洞描述信息
A Missing Authentication for Critical Function vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an unauthenticated network-based attacker to cause limited impact to the integrity or availability of the device.
If a device is configured with IPsec authentication algorithm hmac-sha-384 or hmac-sha-512, tunnels are established normally but for traffic traversing the tunnel no authentication information is sent with the encrypted data on egress, and no authentication information is expected on ingress. So if the peer is an unaffected device transit traffic is going to fail in both directions. If the peer is an also affected device transit traffic works, but without authentication, and configuration and CLI operational commands indicate authentication is performed.
This issue affects Junos OS:
* All versions before 20.4R3-S7,
* 21.1 versions before 21.1R3,
* 21.2 versions before 21.2R2-S1, 21.2R3,
* 21.3 versions before 21.3R1-S2, 21.3R2.
CVSS信息
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
漏洞类别
关键功能的认证机制缺失
漏洞标题
Juniper Networks Junos OS 安全漏洞
漏洞描述信息
Juniper Networks Junos OS是美国瞻博网络(Juniper Networks)公司的一套专用于该公司的硬件设备的网络操作系统。该操作系统提供了安全编程接口和Junos SDK。 Juniper Networks Junos OS存在安全漏洞,该漏洞源于数据包转发引擎PFE存在安全漏洞。攻击者可利用该漏洞对对设备的完整性或可用性造成影响。受影响的产品和版本:Juniper Networks Junos OS 20.4R3-S7之前版本,21.1R3之前版本,21.2R2-S1之前版本,
CVSS信息
N/A
漏洞类别
其他