A vulnerability in the SRX Series Service Gateway allows deleted dynamic VPN users to establish dynamic VPN connections until the device is rebooted. A deleted dynamic VPN connection should be immediately disallowed from establishing new VPN connections. Due to an error in token caching, deleted users are allowed to connect once a previously successful dynamic VPN connection has been established. A reboot is required to clear the cached authentication token. Affected releases are Junos OS on SRX Series: 12.3X48 versions prior to 12.3X48-D75; 15.1X49 versions prior to 15.1X49-D150; 17.3 versions prior to 17.3R3; 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R3; 18.2 versions prior to 18.2R2.
Weakness
According to WASC, “Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.”
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Junos | Juniper | 12.3x48 (including) | 12.3x48 (including) |
| Junos | Juniper | 12.3x48-d10 (including) | 12.3x48-d10 (including) |
| Junos | Juniper | 12.3x48-d100 (including) | 12.3x48-d100 (including) |
| Junos | Juniper | 12.3x48-d15 (including) | 12.3x48-d15 (including) |
| Junos | Juniper | 12.3x48-d20 (including) | 12.3x48-d20 (including) |
| Junos | Juniper | 12.3x48-d25 (including) | 12.3x48-d25 (including) |
| Junos | Juniper | 12.3x48-d30 (including) | 12.3x48-d30 (including) |
| Junos | Juniper | 12.3x48-d35 (including) | 12.3x48-d35 (including) |
| Junos | Juniper | 12.3x48-d40 (including) | 12.3x48-d40 (including) |
| Junos | Juniper | 12.3x48-d45 (including) | 12.3x48-d45 (including) |
| Junos | Juniper | 12.3x48-d50 (including) | 12.3x48-d50 (including) |
| Junos | Juniper | 12.3x48-d51 (including) | 12.3x48-d51 (including) |
| Junos | Juniper | 12.3x48-d55 (including) | 12.3x48-d55 (including) |
| Junos | Juniper | 12.3x48-d60 (including) | 12.3x48-d60 (including) |
| Junos | Juniper | 12.3x48-d65 (including) | 12.3x48-d65 (including) |
| Junos | Juniper | 12.3x48-d66 (including) | 12.3x48-d66 (including) |
| Junos | Juniper | 12.3x48-d70 (including) | 12.3x48-d70 (including) |
| Junos | Juniper | 15.1x49 (including) | 15.1x49 (including) |
| Junos | Juniper | 15.1x49-d10 (including) | 15.1x49-d10 (including) |
| Junos | Juniper | 15.1x49-d100 (including) | 15.1x49-d100 (including) |
| Junos | Juniper | 15.1x49-d110 (including) | 15.1x49-d110 (including) |
| Junos | Juniper | 15.1x49-d120 (including) | 15.1x49-d120 (including) |
| Junos | Juniper | 15.1x49-d130 (including) | 15.1x49-d130 (including) |
| Junos | Juniper | 15.1x49-d131 (including) | 15.1x49-d131 (including) |
| Junos | Juniper | 15.1x49-d140 (including) | 15.1x49-d140 (including) |
| Junos | Juniper | 15.1x49-d15 (including) | 15.1x49-d15 (including) |
| Junos | Juniper | 15.1x49-d20 (including) | 15.1x49-d20 (including) |
| Junos | Juniper | 15.1x49-d25 (including) | 15.1x49-d25 (including) |
| Junos | Juniper | 15.1x49-d30 (including) | 15.1x49-d30 (including) |
| Junos | Juniper | 15.1x49-d35 (including) | 15.1x49-d35 (including) |
| Junos | Juniper | 15.1x49-d40 (including) | 15.1x49-d40 (including) |
| Junos | Juniper | 15.1x49-d45 (including) | 15.1x49-d45 (including) |
| Junos | Juniper | 15.1x49-d50 (including) | 15.1x49-d50 (including) |
| Junos | Juniper | 15.1x49-d55 (including) | 15.1x49-d55 (including) |
| Junos | Juniper | 15.1x49-d60 (including) | 15.1x49-d60 (including) |
| Junos | Juniper | 15.1x49-d65 (including) | 15.1x49-d65 (including) |
| Junos | Juniper | 15.1x49-d70 (including) | 15.1x49-d70 (including) |
| Junos | Juniper | 15.1x49-d75 (including) | 15.1x49-d75 (including) |
| Junos | Juniper | 15.1x49-d80 (including) | 15.1x49-d80 (including) |
| Junos | Juniper | 15.1x49-d90 (including) | 15.1x49-d90 (including) |
| Junos | Juniper | 17.3 (including) | 17.3 (including) |
| Junos | Juniper | 17.3-r1 (including) | 17.3-r1 (including) |
| Junos | Juniper | 17.3-r1-s1 (including) | 17.3-r1-s1 (including) |
| Junos | Juniper | 17.3-r1-s4 (including) | 17.3-r1-s4 (including) |
| Junos | Juniper | 17.3-r2 (including) | 17.3-r2 (including) |
| Junos | Juniper | 17.3-r2-s1 (including) | 17.3-r2-s1 (including) |
| Junos | Juniper | 17.3-r2-s2 (including) | 17.3-r2-s2 (including) |
| Junos | Juniper | 17.3-r2-s3 (including) | 17.3-r2-s3 (including) |
| Junos | Juniper | 17.3-r2-s4 (including) | 17.3-r2-s4 (including) |
| Junos | Juniper | 17.3-r2-s5 (including) | 17.3-r2-s5 (including) |
| Junos | Juniper | 17.4 (including) | 17.4 (including) |
| Junos | Juniper | 17.4-r1 (including) | 17.4-r1 (including) |
| Junos | Juniper | 17.4-r1-s1 (including) | 17.4-r1-s1 (including) |
| Junos | Juniper | 17.4-r1-s2 (including) | 17.4-r1-s2 (including) |
| Junos | Juniper | 17.4-r1-s3 (including) | 17.4-r1-s3 (including) |
| Junos | Juniper | 17.4-r1-s4 (including) | 17.4-r1-s4 (including) |
| Junos | Juniper | 17.4-r1-s5 (including) | 17.4-r1-s5 (including) |
| Junos | Juniper | 17.4-r1-s6 (including) | 17.4-r1-s6 (including) |
| Junos | Juniper | 17.4-r1-s7 (including) | 17.4-r1-s7 (including) |
| Junos | Juniper | 18.1 (including) | 18.1 (including) |
| Junos | Juniper | 18.1-r (including) | 18.1-r (including) |
| Junos | Juniper | 18.1-r1 (including) | 18.1-r1 (including) |
| Junos | Juniper | 18.1-r2 (including) | 18.1-r2 (including) |
| Junos | Juniper | 18.1-r2-s1 (including) | 18.1-r2-s1 (including) |
| Junos | Juniper | 18.1-r2-s2 (including) | 18.1-r2-s2 (including) |
| Junos | Juniper | 18.1-r2-s4 (including) | 18.1-r2-s4 (including) |
| Junos | Juniper | 18.2 (including) | 18.2 (including) |
| Junos | Juniper | 18.2-r (including) | 18.2-r (including) |
| Junos | Juniper | 18.2-r1 (including) | 18.2-r1 (including) |
| Junos | Juniper | 18.2-r1-s2 (including) | 18.2-r1-s2 (including) |
| Junos | Juniper | 18.2-r1-s3 (including) | 18.2-r1-s3 (including) |
| Junos | Juniper | 18.2-r1-s4 (including) | 18.2-r1-s4 (including) |
| Junos | Juniper | 18.2-r1-s5 (including) | 18.2-r1-s5 (including) |