ID de Prueba:	1.3.6.1.4.1.25623.1.0.106042
Categoría:	JunOS Local Security Checks
Título:	Juniper Networks Junos OS FTPS-Extensions Vulnerability
Resumen:	Junos OS is prone to a vulnerability in BFD daemon.
Descripción:	Summary: Junos OS is prone to a vulnerability in BFD daemon. Vulnerability Insight: The ftps-extensions option is not intended or recommended where the SRX secures the FTPS server, as the wide data channel session (gate) will allow the FTPS client temporary access to all TCP ports on the FTPS server. The data session is associated to the control channel and will be closed when the control channel session closes. Depending on the configuration of the FTPS server, supporting load-balancer, and SRX inactivity-timeout values, the server/load-balancer and SRX may keep the control channel open for an extended period of time, allowing an FTPS client access for an equal duration. Vulnerability Impact: An unauthenticated remote attacker may cause to expose TCP ports for arbitrary data channels. Affected Software/OS: Junos OS 12.1, 12.3, 15.1 Solution: New builds of Junos OS software are available from Juniper. As a workaround do not enable 'ftps-extentions' options if FTPS is not needed. CVSS Score: 5.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-5361 https://kb.juniper.net/JSA10706
Copyright	Copyright (C) 2015 Greenbone Networks GmbH

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.