CVE-2019-0054
MEDIUMJuniper Junos OS 15.1X49 < D120 - Man-in-the-Middle via App-ID Signature Update Client
Title source: llmDescription
An Improper Certificate Validation weakness in the SRX Series Application Identification (app-id) signature update client of Juniper Networks Junos OS allows an attacker to perform Man-in-the-Middle (MitM) attacks which may compromise the integrity and confidentiality of the device. This issue affects: Juniper Networks Junos OS 15.1X49 versions prior to 15.1X49-D120 on SRX Series devices. No other versions of Junos OS are affected.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://kb.juniper.net/JSA10952
Vendor Advisory x_refsource_misc
https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-application-identification-overview.html
Scores
CVSS v3
6.8
EPSS
0.0008
EPSS Percentile
23.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Details
CWE
CWE-295
CWE-300
Status
published
Products (1)
juniper/junos
15.1x49 (17 CPE variants)
Published
Oct 09, 2019
Tracked Since
Feb 18, 2026