Juniper Junos OpenSSL Multiple Vulnerabilities (JSA10575)
Medium Nessus Plugin ID 68908
SynopsisThe remote device is missing a vendor-supplied security patch.
DescriptionAccording to its self-reported version number, the remote Junos device is using an outdated version of OpenSSL, which has multiple vulnerabilities including (but not limited to) :
- An error exists related to the handling of OCSP response verification that could allow denial of service attacks.
- An error exists related to the SSL/TLS/DTLS protocols, CBC mode encryption and response time. An attacker could obtain plaintext contents of encrypted traffic via timing attacks. (CVE-2013-0169)
SolutionApply the relevant Junos upgrade referenced in Juniper advisory JSA10575.