CVE-2020-1688: On Juniper Networks SRX Series and NFX Series, a local authenticated user with access to the shell may obtain the Web API service private key that is ...

Description

On Juniper Networks SRX Series and NFX Series, a local authenticated user with access to the shell may obtain the Web API service private key that is used to provide encrypted communication between the Juniper device and the authenticator services. Exploitation of this vulnerability may allow an attacker to decrypt the communications between the Juniper device and the authenticator service. This Web API service is used for authentication services such as the Juniper Identity Management Service, used to obtain user identity for Integrated User Firewall feature, or the integrated ClearPass authentication and enforcement feature. This issue affects Juniper Networks Junos OS on Networks SRX Series and NFX Series: 12.3X48 versions prior to 12.3X48-D105; 15.1X49 versions prior to 15.1X49-D190; 16.1 versions prior to 16.1R7-S8; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S11, 17.4R3; 18.1 versions prior to 18.1R3-S7; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R2-S4, 18.3R3; 18.4 versions prior to 18.4R1-S7, 18.4R2; 19.1 versions prior to 19.1R2; 19.2 versions prior to 19.2R1-S4, 19.2R2.

Metrics

CVSS 3.1

6.5/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

EPSS Probability

0.31%

23.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Juniper	Junos	12.3x48
Juniper	Junos	15.1x49
Juniper	Junos	16.1
Juniper	Junos	17.2
Juniper	Junos	17.3
Juniper	Junos	17.4
Juniper	Junos	18.1
Juniper	Junos	18.2
Juniper	Junos	18.3
Juniper	Junos	18.4
Juniper	Junos	19.1
Juniper	Junos	19.2

References

https://kb.juniper.net/InfoCenter/index?page=content&id=KB30911Vendor Advisory
https://kb.juniper.net/JSA11085Vendor Advisory
https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/services-webapi-user-cli.htmlVendor Advisory
https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-user-auth-configure-jims.htmlVendor Advisory
https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-user-auth-intergrated-user-firewall-overview.htmlVendor Advisory
https://kb.juniper.net/InfoCenter/index?page=content&id=KB30911Vendor Advisory
https://kb.juniper.net/JSA11085Vendor Advisory
https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/services-webapi-user-cli.htmlVendor Advisory
https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-user-auth-configure-jims.htmlVendor Advisory
https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-user-auth-intergrated-user-firewall-overview.htmlVendor Advisory

Timeline

Published: Oct 16, 2020
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2020-1688?

On Juniper Networks SRX Series and NFX Series, a local authenticated user with access to the shell may obtain the Web API service private key that is used to provide encrypted communication between the Juniper device and the authenticator services. Exploitation of this vulnerability may allow an attacker to decrypt the communications between the Juniper device and the authenticator service. This Web API service is used for authentication services such as the Juniper Identity Management Service, used to obtain user identity for Integrated User Firewall feature, or the integrated ClearPass authentication and enforcement feature. This issue affects Juniper Networks Junos OS on Networks SRX Series and NFX Series: 12.3X48 versions prior to 12.3X48-D105; 15.1X49 versions prior to 15.1X49-D190; 16.1 versions prior to 16.1R7-S8; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S11, 17.4R3; 18.1 versions prior to 18.1R3-S7; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R2-S4, 18.3R3; 18.4 versions prior to 18.4R1-S7, 18.4R2; 19.1 versions prior to 19.1R2; 19.2 versions prior to 19.2R1-S4, 19.2R2.

How severe is CVE-2020-1688?

CVE-2020-1688 has a CVSS score of 6.5/10 (MEDIUM severity). The EPSS model estimates a 0.31% probability of exploitation in the next 30 days.

How do I fix CVE-2020-1688?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.