Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

SSL/TLS Vulnerability (CVE-2009-3555)



Article ID: JSA10411 SECURITY_ADVISORIES Last Updated: 09 May 2013Version: 10.0
Legacy Advisory Id:
Product Affected:
This TLS issue potentially affects all products that use TLS. In Juniper's case, that is all products that have not EOLed.

Interim Security Advisory

On November 4, 2009, a vulnerability in the implementation of TLS (could also be referred to as SSL) was disclosed to the general public. Juniper Networks has been aware of this vulnerability since mid September 2009. We have been working as part of a global response team, coordinated by the Industry Consortium for the Advancement of Security on the Internet (ICASI). ICASI has been leading the industry effort, addressing the issue and coordinating responsible disclosure. More information on the industry coordination on this vulnerability can be found at The Common Vulnerability Enumeration (CVE) label for this issue is CVE-2009-3555.

Juniper Networks has been actively working with ICASI and other industry participants to find solutions that will fix, provide remediation, and detect this SSL/TLS vulnerability. ICASI's security advisory on this industry issue can be found on their ICASI Hot Page.

The best industry advice on this issue can be found in the ICASI Security Advisory - Transport Layer Security (TLS) Man-In-The-Middle (MITM) Vulnerability CVE-2009-3555.

We also have blog posts by members of the Juniper Networks Security Incident Response Team (SIRT) that provide additional clarification not included in the Juniper Networks or ICASI Security Advisories. This J-Net Community blog entry provides some context and dispels some of the myths surrounding the protocol vulnerability: Transport Layer Security (TLS) Man-In-The-Middle Vulnerability (MITM) - CVE-2009-3555.

FINAL UPDATE: This product security advisory has been obsoleted by PSN-2011-06-290. Please refer to PSN-2011-06-290 for the latest information regarding this vulnerability.

Questions about this vulnerability can be sent directly to the Juniper Networks SIRT at
Severity Level:
Severity Assessment:
Based on the available public information, this vulnerability is seen to be difficult to exploit on Juniper's products. Existing Best Common Practices (BCP) to limit the "attack surface" are effective tool to limit potential risk to Juniper's products.

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search