Test Kennung:	1.3.6.1.4.1.25623.1.0.106042
Kategorie:	JunOS Local Security Checks
Titel:	Juniper Networks Junos OS FTPS-Extensions Vulnerability
Zusammenfassung:	Junos OS is prone to a vulnerability in BFD daemon.
Beschreibung:	Summary: Junos OS is prone to a vulnerability in BFD daemon. Vulnerability Insight: The ftps-extensions option is not intended or recommended where the SRX secures the FTPS server, as the wide data channel session (gate) will allow the FTPS client temporary access to all TCP ports on the FTPS server. The data session is associated to the control channel and will be closed when the control channel session closes. Depending on the configuration of the FTPS server, supporting load-balancer, and SRX inactivity-timeout values, the server/load-balancer and SRX may keep the control channel open for an extended period of time, allowing an FTPS client access for an equal duration. Vulnerability Impact: An unauthenticated remote attacker may cause to expose TCP ports for arbitrary data channels. Affected Software/OS: Junos OS 12.1, 12.3, 15.1 Solution: New builds of Junos OS software are available from Juniper. As a workaround do not enable 'ftps-extentions' options if FTPS is not needed. CVSS Score: 5.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2015-5361 https://kb.juniper.net/JSA10706
Copyright	Copyright (C) 2015 Greenbone Networks GmbH

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.