Juniper Junos SRX MACsec Feature Secure Link Failure Silent Fallback Information Disclosure (JSA10790)
Medium Nessus Plugin ID 102703
SynopsisThe remote device is missing a vendor-supplied security patch.
DescriptionAccording to its self-reported version and model number, the remote Juniper Junos device is affected by an information disclosure vulnerability in the MACsec feature due to error reporting over an unencrypted link when a secure link cannot be established. An adjacent attacker can exploit this to disclose or manipulate error information.
SolutionUpgrade to the relevant Junos software release referenced in Juniper security advisory JSA10790.