CVE-2017-2342
SRX Series: MACsec failure to report errors
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
MACsec feature on Juniper Networks Junos OS 15.1X49 prior to 15.1X49-D100 on SRX300 series does not report errors when a secure link can not be established. It falls back to an unencrypted link. This can happen when MACsec is configured on ports that are not capable of MACsec or when a secure link can not be established. This can mislead customers into believing that a link is secure. On SRX 300 series devices, prior to 15.1X49-D100, MACsec was only supported on control and fabric ports of SRX340 and SRX345 devices. SRX300 and and SRX320 did not have any MACsec capable ports. Configuring MACsec on ports that were not MACsec capable would have resulted in this issue. Affected releases are Juniper Networks Junos OS 15.1X49 prior to 15.1X49-D100 on SRX300 series.
La función MACsec en Juniper Networks Junos OS versión 15.1X49 anterior a 15.1X49-D100 en la serie SRX300, no informa de errores cuando un enlace seguro no se puede establecer. Vuelve a un enlace sin cifrar. Esto puede suceder cuando el MACsec se configura en los puertos que no son capaces del MACsec o cuando un enlace seguro no puede ser establecido. Esto puede inducir a los clientes a creer que un enlace es seguro. En los dispositivos de la serie SRX 300, anterior a versión 15.1X49-D100, MACsec sólo era compatible con los puertos de control y de estructura de los dispositivos SRX340 y SRX345. SRX300 y SRX320 y SRX320 no tenían ningún puerto compatible con MACsec. Configurar MACsec en puertos que no eran compatibles con maCsec habría resultado en este problema. Las versiones afectadas son Juniper Networks Junos OS versión 15.1X49 anterior a 15.1X49-D100 en la serie SRX300.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-12-01 CVE Reserved
- 2017-07-14 CVE Published
- 2023-03-08 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-392: Missing Report of Error Condition
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.securitytracker.com/id/1038890 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://kb.juniper.net/JSA10790 | 2019-10-09 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 15.1x49 Search vendor "Juniper" for product "Junos" and version "15.1x49" | d10 |
Affected
| in | Juniper Search vendor "Juniper" | Srx300 Search vendor "Juniper" for product "Srx300" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 15.1x49 Search vendor "Juniper" for product "Junos" and version "15.1x49" | d20 |
Affected
| in | Juniper Search vendor "Juniper" | Srx300 Search vendor "Juniper" for product "Srx300" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 15.1x49 Search vendor "Juniper" for product "Junos" and version "15.1x49" | d30 |
Affected
| in | Juniper Search vendor "Juniper" | Srx300 Search vendor "Juniper" for product "Srx300" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 15.1x49 Search vendor "Juniper" for product "Junos" and version "15.1x49" | d35 |
Affected
| in | Juniper Search vendor "Juniper" | Srx300 Search vendor "Juniper" for product "Srx300" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 15.1x49 Search vendor "Juniper" for product "Junos" and version "15.1x49" | d40 |
Affected
| in | Juniper Search vendor "Juniper" | Srx300 Search vendor "Juniper" for product "Srx300" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 15.1x49 Search vendor "Juniper" for product "Junos" and version "15.1x49" | d45 |
Affected
| in | Juniper Search vendor "Juniper" | Srx300 Search vendor "Juniper" for product "Srx300" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 15.1x49 Search vendor "Juniper" for product "Junos" and version "15.1x49" | d50 |
Affected
| in | Juniper Search vendor "Juniper" | Srx300 Search vendor "Juniper" for product "Srx300" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 15.1x49 Search vendor "Juniper" for product "Junos" and version "15.1x49" | d55 |
Affected
| in | Juniper Search vendor "Juniper" | Srx300 Search vendor "Juniper" for product "Srx300" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 15.1x49 Search vendor "Juniper" for product "Junos" and version "15.1x49" | d60 |
Affected
| in | Juniper Search vendor "Juniper" | Srx300 Search vendor "Juniper" for product "Srx300" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 15.1x49 Search vendor "Juniper" for product "Junos" and version "15.1x49" | d65 |
Affected
| in | Juniper Search vendor "Juniper" | Srx300 Search vendor "Juniper" for product "Srx300" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 15.1x49 Search vendor "Juniper" for product "Junos" and version "15.1x49" | d70 |
Affected
| in | Juniper Search vendor "Juniper" | Srx300 Search vendor "Juniper" for product "Srx300" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 15.1x49 Search vendor "Juniper" for product "Junos" and version "15.1x49" | d75 |
Affected
| in | Juniper Search vendor "Juniper" | Srx300 Search vendor "Juniper" for product "Srx300" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 15.1x49 Search vendor "Juniper" for product "Junos" and version "15.1x49" | d80 |
Affected
| in | Juniper Search vendor "Juniper" | Srx300 Search vendor "Juniper" for product "Srx300" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 15.1x49 Search vendor "Juniper" for product "Junos" and version "15.1x49" | d90 |
Affected
| in | Juniper Search vendor "Juniper" | Srx300 Search vendor "Juniper" for product "Srx300" | - | - |
Safe
|