SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  SRX 220 failing PCI scan - SSH version

    Posted 02-10-2015 12:17

    I am getting a failure because my scanner detects OpenSSH version 6.0 on the SRX 220.

    I cannot find anything indicating that the SRX is or is not affected by CVE-2014-2532 (there is a note that an NSM update is required).

    Can anyone point me at Juniper documentation on this issue?

    Thanks!




  • 2.  RE: SRX 220 failing PCI scan - SSH version
    Best Answer

    Posted 04-07-2015 07:17

    After seven weeks and escalation of my ticket I have learned that Junos is vulnerable to CVE-2014-2532:

    Since Junos code before 12.1X47 does not use sshd 6.6 in OpenSSH, it is affected by this vulnerability.

    Engineering has fixed this issue in 12.1X47-D10 and later releases via PR 974174 & PR 985400. The most recent release of 12.1X47 is 12.1X47-D20.

    Unfortunately, we cannot port this issue back to 12.1x46 or prior releases because our Engineering team is concerned that it will break other features in the code.

    If you need to avoid this vulnerability, please upgrade to our latest 12.1X47-D20.
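
Added example (not part of the original thread and not Juniper code): a Python check that classifies Junos X-train version strings from a device inventory against the fixed release 12.1X47-D10 named in the answer above, for documenting scan findings. The hostnames and inventory are constructed, and treating any higher-sorting X-train version as a "later release" is an assumption.

```python
import re

# Fixed release named in the answer above: 12.1X47-D10 (PR 974174, PR 985400).
FIXED = (12, 1, 47, 10)

# Junos X-train version string, e.g. "12.1X46-D35.1":
#   major.minor X train -D drop [.spin]
# Case-insensitive because the thread itself writes both "12.1X47" and "12.1x46".
_XTRAIN = re.compile(r"^(\d+)\.(\d+)X(\d+)-D(\d+)(?:\.(\d+))?$", re.IGNORECASE)


def parse_xtrain(version):
    """Return (major, minor, train, drop), or None if not an X-train string."""
    m = _XTRAIN.match(version.strip())
    if not m:
        return None
    return tuple(int(g) for g in m.groups()[:4])


def classify(version):
    """Return 'fixed', 'affected' or 'unknown' for one Junos version string.

    Assumption: a version that sorts at or above FIXED counts as a
    "later release". Anything that is not an X-train string (for example an
    R-release) is reported as 'unknown' instead of being guessed.
    """
    parsed = parse_xtrain(version)
    if parsed is None:
        return "unknown"
    return "fixed" if parsed >= FIXED else "affected"


def audit(inventory):
    """Map hostname -> status for a {hostname: version} inventory."""
    return {host: classify(ver) for host, ver in inventory.items()}


# Constructed sample inventory (hypothetical hostnames and versions).
SAMPLE = {
    "srx220-branch": "12.1X46-D35.1",
    "srx220-hq": "12.1X47-D20",
    "srx-lab": "12.1x47-D10",
    "srx-old": "12.1R5.5",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(f"{host:15} {SAMPLE[host]:15} {status}")
```

Devices reported as 'unknown' need a manual check against Juniper's release information before they are recorded either way.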