Juniper Networks Security Director Policy Enforcer Missing Authentication Vulnerability Allowing Malicious vSRX Image Deployment

Vulnerability

A vulnerability allowing missing authentication for critical functions has been identified in Juniper Networks Security Director Policy Enforcer, all versions prior to 23.1R1 Hotpatch v3. This vulnerability allows an unauthenticated, network-based attacker to replace legitimate vSRX images with malicious ones. If a trusted user initiates the deployment, Security Director Policy Enforcer will deliver the attacker's uploaded image to VMware NSX instead of a legitimate one. This issue does not affect Junos Space Security Director Insights.

Impact

Exploitation of this vulnerability could lead to the unauthorized replacement of vSRX images with malicious ones, potentially allowing for the deployment of harmful software or configurations within the VMware NSX environment.

Added: Oct 9, 2025, 4:33 PM

Updated: Oct 9, 2025, 4:33 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

6.4

remediation

7.7

relevance

0.7

threat

0.0

urgency

10.0

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

6.4

remediation

7.7

relevance

0.7

threat

0.0

urgency

10.0

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Juniper Networks Security Director Policy Enforcer Missing Authentication Vulnerability Allowing Malicious vSRX Image Deployment

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating