VSRX-20G-SCC-3
Announced in: SKU Transformation Announcement vSRX SCC package
Virtual Appliance
· SRX Series
Is the VSRX-20G-SCC-3 still supported?
No. Juniper ended support for the SKU Transformation Announcement vSRX SCC package on 2023-11-07. No further security fixes will be issued. See Juniper's lifecycle bulletin.
When does the VSRX-20G-SCC-3 reach end of support?
Juniper support for the SKU Transformation Announcement vSRX SCC package ends on 2023-11-07.
What replaces the VSRX-20G-SCC-3?
Juniper has not published a successor model for the SKU Transformation Announcement vSRX SCC package.
What known-exploited CVEs apply to the VSRX-20G-SCC-3 past end of support?
7 CVEs in CISA's Known Exploited Vulnerabilities catalog apply to the platform the SKU Transformation Announcement vSRX SCC package runs. These will not be patched on this device because it is past the Juniper security-support date. See the Known Exploited Vulnerabilities table below for the full list.
Known Exploited Vulnerabilities
This device is past Juniper's security-support date. 7 CVEs in CISA's Known Exploited Vulnerabilities catalog apply to the platform it runs. Juniper is not issuing patches for this model. Isolate, compensate, or refresh.
| CVE | KEV added | Vulnerability | Flags |
|---|---|---|---|
CVE-2025-21590
|
Juniper Junos OS Improper Isolation or Compartmentalization Vulnerability | ||
CVE-2023-36844
|
Juniper Junos OS EX Series PHP External Variable Modification Vulnerability | ||
CVE-2023-36845
|
Juniper Junos OS EX Series and SRX Series PHP External Variable Modification Vulnerability | ||
CVE-2023-36846
|
Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability | ||
CVE-2023-36847
|
Juniper Junos OS EX Series Missing Authentication for Critical Function Vulnerability | ||
CVE-2023-36851
|
Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability | ||
CVE-2020-1631
|
Juniper Junos OS Path Traversal Vulnerability |
Source: CISA Known Exploited Vulnerabilities catalog. The Ransomware flag reflects CISA's own knownRansomwareCampaignUse field, set when the CVE has been observed in ransomware campaigns per their threat intel. It's not a property of the vulnerability description itself.
Correlation is at the platform level, not per-OS-version. Not exhaustive: KEV only lists actively-exploited CVEs and many relevant unexploited vulnerabilities are not here. Verify against vendor security advisories (PSIRT, JSA, PAN-SA) and NVD before acting. See compensating controls if refresh isn't immediate.
VSRX-20G-SCC-3 Lifecycle Overview
The Juniper VSRX-20G-SCC-3 (VSRX-20G-SCC-3) is a virtual appliance product in the Juniper SRX series. This product has reached end of life as of , meaning Juniper no longer provides technical support, software updates, or hardware replacement for this product. It was last available for purchase on . Organizations still running the VSRX-20G-SCC-3 should plan a migration .
Lifecycle Milestones
| Lifecycle notice published | 6y 1mo ago | |
|---|---|---|
| End of sale | 5y 7mo ago | |
| Last date of support | 2y 7mo ago |