MACsec feature on Juniper Networks Junos OS 15.1X49 prior to 15.1X49-D100 on SRX300 series does not report errors when a secure link can not be established. It falls back to an unencrypted link. This can happen when MACsec is configured on ports that are not capable of MACsec or when a secure link can not be established. This can mislead customers into believing that a link is secure. On SRX 300 series devices, prior to 15.1X49-D100, MACsec was only supported on control and fabric ports of SRX340 and SRX345 devices. SRX300 and and SRX320 did not have any MACsec capable ports. Configuring MACsec on ports that were not MACsec capable would have resulted in this issue. Affected releases are Juniper Networks Junos OS 15.1X49 prior to 15.1X49-D100 on SRX300 series.
Published 2017-07-17 13:18:24
Updated 2019-10-09 23:26:45
View at NVD,   CVE.org

Products affected by CVE-2017-2342

Exploit prediction scoring system (EPSS) score for CVE-2017-2342

0.07%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 29 %
Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2017-2342

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
4.3
MEDIUM AV:A/AC:M/Au:N/C:P/I:P/A:N
5.5
4.9
NIST
8.1
HIGH CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
2.8
5.2
NIST
8.1
HIGH CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
2.8
5.2
Juniper Networks, Inc.

CWE ids for CVE-2017-2342

  • The product encounters an error but does not provide a status code or return value to indicate that an error has occurred.
    Assigned by: sirt@juniper.net (Secondary)

References for CVE-2017-2342

  • https://kb.juniper.net/JSA10790
    Juniper Networks - 2017-07 Security Bulletin: SRX Series: MACsec failure to report errors (CVE-2017-2342)
    Vendor Advisory
  • http://www.securitytracker.com/id/1038890
    Juniper Junos SRX300 Series MACsec Non-Secure Fallback Lets Remote Users Obtain Potentially Sensitive Information on the Target System - SecurityTracker
    Third Party Advisory;VDB Entry
Jump to
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!