SRC Series: NETCONF over SSH allows negotiation of weak ciphers
CVE-2021-31352

5.3MEDIUM

Key Information:

Vendor: Juniper Networks
Status: Src Series
Vendor: CVE Published:; 19 October 2021

Badges

👾 Exploit Exists

Summary

An Information Exposure vulnerability in Juniper Networks SRC Series devices configured for NETCONF over SSH permits the negotiation of weak ciphers, which could allow a remote attacker to obtain sensitive information. A remote attacker with read and write access to network data could exploit this vulnerability to display plaintext bits from a block of ciphertext and obtain sensitive information. This issue affects all Juniper Networks SRC Series versions prior to 4.13.0-R6.

Affected Version(s)

SRC Series < 4.13.0-R6

References

https://kb.juniper.net/JSA11217

x_refsource_CONFIRM

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Sep 16, 2024
Vulnerability published
Oct 19, 2021
Vulnerability Reserved
Apr 15, 2021