Various products. Please see the list in the Problem section below.

The SSL protocol 3.0 uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack. This issue is also known as the “POODLE” vulnerability.

SSL v3 is an older security protocol with known issues, but still exists as a fallback protocol on many devices.

Vulnerable Products

Junos OS
Connect Secure (SA / SSL VPN) / Policy Secure (IC / UAC), MAG Series
ScreenOS
Junos Space

Juniper is investigating our product portfolio for affected software that is not mentioned above. As new information becomes available this document will be updated.

This issue has been assigned CVE-2014-3566.

Junos:
Junos OS will include an update to OpenSSL in a future release.

Connect Secure (SA / SSL VPN) / Policy Secure (IC / UAC), MAG Series:
Please refer to Pulse Secure TSB16540 for details on mitigating risk from this vulnerability.

ScreenOS:
A problem report has been submitted. Development is in the process of evaluating the best method to resolve this issue.

Junos Space:
Disable SSLv3 by changing the following files.
/etc/httpd/conf.d/webProxy.conf
/etc/httpd/conf.d/ssl.conf
/etc/httpd/conf.d/webConf/webProxyCertAuth.conf
The following line needs to be updated to remove references to SSLv3:

Original:
SSLProtocol -ALL +SSLv3 +TLSv1

Updated:
SSLProtocol -ALL +TLSv1

Restart httpd by typing ‘service httpd restart’.

Junos:
Since SSL is used for remote network configuration and management applications such as J-Web and SSL Service for JUNOScript (XNM-SSL), viable workarounds for this issue in Junos may include:

Disabling J-Web
Disable SSL service for JUNOScript and only use Netconf, which makes use of SSH, to make configuration changes
Limit access to J-Web and XNM-SSL from only trusted networks
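One way to script the Junos Space change described above, as an added example that is not Juniper's own code: it reports active SSLProtocol lines that still enable SSLv3 in the three listed files and, with --fix, removes only the SSLv3 token. The function names and the .pre-poodle backup suffix are hypothetical, and it assumes another protocol such as +TLSv1 stays enabled on the line.

```sh
#!/bin/sh
# Added example: audit/fix SSLProtocol in the three files the advisory names.
CONF_FILES="/etc/httpd/conf.d/webProxy.conf
/etc/httpd/conf.d/ssl.conf
/etc/httpd/conf.d/webConf/webProxyCertAuth.conf"

# Print active (uncommented) SSLProtocol lines that enable SSLv3.
# "+SSLv3" and bare "SSLv3" match, case-insensitively; "-SSLv3" does not.
sslv3_lines() {
    grep -inE '^[[:space:]]*SSLProtocol([[:space:]]+[^[:space:]]+)*[[:space:]]+\+?SSLv3([[:space:]]|$)' "$1"
}

# Drop the SSLv3 token from those lines, keeping a backup of the original.
# Assumes another protocol (e.g. +TLSv1) stays enabled on the line.
disable_sslv3() {
    f=$1
    sslv3_lines "$f" >/dev/null || return 0        # already clean
    cp -p "$f" "$f.pre-poodle" || return 1         # hypothetical backup suffix
    awk '
        tolower($1) == "sslprotocol" {
            match($0, /^[ \t]*/)                   # preserve indentation
            out = substr($0, 1, RLENGTH) $1
            for (i = 2; i <= NF; i++) {
                t = tolower($i)
                if (t == "+sslv3" || t == "sslv3") continue
                out = out " " $i
            }
            print out
            next
        }
        { print }
    ' "$f.pre-poodle" > "$f"
}

# Audit by default; pass --fix (as root) to rewrite, then restart httpd.
for f in $CONF_FILES; do
    [ -f "$f" ] || continue
    if [ "${1:-}" = "--fix" ]; then disable_sslv3 "$f"; fi
    sslv3_lines "$f" | sed "s|^|$f: |"
done
```

No output after a --fix run means none of the three files still enables SSLv3 on an active SSLProtocol line.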
