Junos SSLv3 POODLE Vulnerability Network Vulnerability

Summary

Junos OS is prone to a OpenSSL information disclosure vulnerability, also known as the 'POODLE' vulnerability.

Impact

The vulnerability makes it easier for a man in the middle attacker to obtain cleartext data.

Solution

New builds of Junos OS software are available from Juniper.

Insight

The SSL protocol 3.0 (SSLv3) uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack.

Affected

Junos OS 11.4, 12.1, 12.3, 13.2, 13.3, 14.1 and 14.2

Detection

Check the OS build.

References

http://kb.juniper.net/JSA10656

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-3566
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Junos J-Web XSS Vulnerability
Junos Stack Exhaustion Denial of Service Vulnerability
Junos CVE-2009-3485
Junos J-Web Persistent Cross Site Scripting Vulnerability
Junos Exclusive Edit Mode Privilege Escalation Vulnerability

Take action and discover your vulnerabilities