This vulnerability (CWE-296) arises from Junos OS SRX devices not properly following the certificate chain of trust when connecting to the Security Director cloud service. Insufficient verification of the server certificate enables a PITM attacker to intercept and access sensitive data, including credentials, and potentially alter communications. Affected versions include all Junos OS releases before 22.4R3-S9, 23.2 versions before 23.2R2-S6, 23.4 versions before 23.4R2-S7, 24.2 versions before 24.2R2-S3, 24.4 versions before 24.4R2-S2, and 25.2 versions before 25.2R1-S2 and 25.2R2. The vulnerability is relevant to the cloud service connection component of Junos OS on SRX devices.

Successful exploitation allows a person-in-the-middle attacker to intercept communications between the SRX device and the Security Director cloud, gaining access to confidential information such as credentials. The attacker may also modify intercepted data, potentially compromising the integrity of the communication. The vulnerability does not allow privilege escalation or denial of service directly but impacts confidentiality and integrity.

Juniper Networks manages remediation for this cloud-hosted service and a patch is available for the affected Junos OS versions. Users should upgrade to the fixed versions listed (22.4R3-S9 or later, 23.2R2-S6 or later, 23.4R2-S7 or later, 24.2R2-S3 or later, 24.4R2-S2 or later, 25.2R1-S2 or 25.2R2 or later). Patch status is confirmed as available. No additional vendor advisory content indicates that no action is required, so applying the official patches is recommended.