Vulnerabilities related to Juniper Networks - SRC Series
cve-2021-31352
Vulnerability from cvelistv5
Published
2021-10-19 18:16
Modified
2024-09-16 19:20
Summary
An Information Exposure vulnerability in Juniper Networks SRC Series devices configured for NETCONF over SSH permits the negotiation of weak ciphers, which could allow a remote attacker to obtain sensitive information. A remote attacker with read and write access to network data could exploit this vulnerability to display plaintext bits from a block of ciphertext and obtain sensitive information. This issue affects all Juniper Networks SRC Series versions prior to 4.13.0-R6. Per the record's solution text, manually configured weak ciphers or KEX algorithms for NETCONF are retained after upgrading to a fixed release, so the NETCONF SSH cipher configuration must also be reset.
References
https://kb.juniper.net/JSA11217 (x_refsource_CONFIRM)
Impacted products
Vendor: Juniper Networks
Product: SRC Series
Affected versions: unspecified, < 4.13.0-R6 (all versions before 4.13.0-R6)


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T22:55:53.552Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA11217"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SRC Series",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "4.13.0-R6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "value": "A sample configuration of NETCONF over SSH is shown below:\n\n  netconf {\n    ssh {\n      port 830;\n    }\n  }"
        }
      ],
      "datePublic": "2021-10-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An Information Exposure vulnerability in Juniper Networks SRC Series devices configured for NETCONF over SSH permits the negotiation of weak ciphers, which could allow a remote attacker to obtain sensitive information. A remote attacker with read and write access to network data could exploit this vulnerability to display plaintext bits from a block of ciphertext and obtain sensitive information. This issue affects all Juniper Networks SRC Series versions prior to 4.13.0-R6."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200 Information Exposure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-19T18:16:33",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/JSA11217"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "A hotfix has been created to resolve this issue.  Contact Juniper Networks Technical Support to request the hotfix.\n\nWeak ciphers are now disabled by default. Only the following ciphers and key-exchange (KEX) algorithms are now enabled by default:\n\n\u2022 Ciphers: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com\n\u2022 KEX Algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1\n\nNote: After upgrading to a fixed release, any manually configured weak ciphers or KEX algorithms for NETCONF will be retained.  Administrators should reset their cipher configuration by typing:\n  root@src# delete system services netconf ssh\n  root@src# commit\n  Stopping NETCONF/SSH:\n  commit complete.\n\n  root@src# set system services netconf ssh"
        }
      ],
      "source": {
        "advisory": "JSA11217",
        "defect": [
          "1568322"
        ],
        "discovery": "INTERNAL"
      },
      "title": "SRC Series: NETCONF over SSH allows negotiation of weak ciphers",
      "workarounds": [
        {
          "lang": "en",
          "value": "There are no viable workarounds for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "DATE_PUBLIC": "2021-10-13T16:00:00.000Z",
          "ID": "CVE-2021-31352",
          "STATE": "PUBLIC",
          "TITLE": "SRC Series: NETCONF over SSH allows negotiation of weak ciphers"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SRC Series",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.13.0-R6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Juniper Networks"
              }
            ]
          }
        },
        "configuration": [
          {
            "lang": "en",
            "value": "A sample configuration of NETCONF over SSH is shown below:\n\n  netconf {\n    ssh {\n      port 830;\n    }\n  }"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An Information Exposure vulnerability in Juniper Networks SRC Series devices configured for NETCONF over SSH permits the negotiation of weak ciphers, which could allow a remote attacker to obtain sensitive information. A remote attacker with read and write access to network data could exploit this vulnerability to display plaintext bits from a block of ciphertext and obtain sensitive information. This issue affects all Juniper Networks SRC Series versions prior to 4.13.0-R6."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
          }
        ],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-200 Information Exposure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/JSA11217",
              "refsource": "CONFIRM",
              "url": "https://kb.juniper.net/JSA11217"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "A hotfix has been created to resolve this issue.  Contact Juniper Networks Technical Support to request the hotfix.\n\nWeak ciphers are now disabled by default. Only the following ciphers and key-exchange (KEX) algorithms are now enabled by default:\n\n\u2022 Ciphers: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com\n\u2022 KEX Algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1\n\nNote: After upgrading to a fixed release, any manually configured weak ciphers or KEX algorithms for NETCONF will be retained.  Administrators should reset their cipher configuration by typing:\n  root@src# delete system services netconf ssh\n  root@src# commit\n  Stopping NETCONF/SSH:\n  commit complete.\n\n  root@src# set system services netconf ssh"
          }
        ],
        "source": {
          "advisory": "JSA11217",
          "defect": [
            "1568322"
          ],
          "discovery": "INTERNAL"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "There are no viable workarounds for this issue."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2021-31352",
    "datePublished": "2021-10-19T18:16:33.308361Z",
    "dateReserved": "2021-04-15T00:00:00",
    "dateUpdated": "2024-09-16T19:20:18.621Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-31380
Vulnerability from cvelistv5
Published
2021-10-19 18:17
Modified
2024-09-16 18:28
Summary
A configuration weakness in the JBoss Application Server (AppSvr) component of Juniper Networks SRC Series allows a remote attacker to send a specially crafted query to cause the web server to disclose sensitive information in the HTTP response which allows the attacker to obtain sensitive information.
References
https://kb.juniper.net/JSA11248 (x_refsource_CONFIRM)
Impacted products
Vendor: Juniper Networks
Product: SRC Series
Affected versions: unspecified, < 4.12.0R5 (all versions before 4.12.0R5); 4.13.0, < 4.13.0R3 (4.13.0 up to but not including 4.13.0R3)


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T22:55:53.961Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA11248"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SRC Series",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "4.12.0R5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "4.13.0R3",
              "status": "affected",
              "version": "4.13.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-10-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A configuration weakness in the JBoss Application Server (AppSvr) component of Juniper Networks SRC Series allows a remote attacker to send a specially crafted query to cause the web server to disclose sensitive information in the HTTP response which allows the attacker to obtain sensitive information."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-16",
              "description": "CWE-16 Configuration",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200 Information Exposure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-19T18:17:21",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/JSA11248"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "The following software releases have been updated to resolve this specific issue: 4.12.0R5, 4.13.0R3, and all subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA11248",
        "defect": [
          "1487222"
        ],
        "discovery": "USER"
      },
      "title": "SRC Series: A remote attacker sending a specially crafted query may cause the web server to disclose sensitive information",
      "workarounds": [
        {
          "lang": "en",
          "value": "There are no viable workarounds for this issue.\n\nTo reduce the risk of exploitation utilize common security BCPs to limit the exploitable surface by limiting access to network and device to trusted systems, administrators, networks and hosts."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "DATE_PUBLIC": "2021-10-13T16:00:00.000Z",
          "ID": "CVE-2021-31380",
          "STATE": "PUBLIC",
          "TITLE": "SRC Series: A remote attacker sending a specially crafted query may cause the web server to disclose sensitive information"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SRC Series",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.12.0R5"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "4.13.0",
                            "version_value": "4.13.0R3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Juniper Networks"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A configuration weakness in the JBoss Application Server (AppSvr) component of Juniper Networks SRC Series allows a remote attacker to send a specially crafted query to cause the web server to disclose sensitive information in the HTTP response which allows the attacker to obtain sensitive information."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
          }
        ],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-16 Configuration"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-200 Information Exposure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/JSA11248",
              "refsource": "CONFIRM",
              "url": "https://kb.juniper.net/JSA11248"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "The following software releases have been updated to resolve this specific issue: 4.12.0R5, 4.13.0R3, and all subsequent releases."
          }
        ],
        "source": {
          "advisory": "JSA11248",
          "defect": [
            "1487222"
          ],
          "discovery": "USER"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "There are no viable workarounds for this issue.\n\nTo reduce the risk of exploitation utilize common security BCPs to limit the exploitable surface by limiting access to network and device to trusted systems, administrators, networks and hosts."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2021-31380",
    "datePublished": "2021-10-19T18:17:21.571211Z",
    "dateReserved": "2021-04-15T00:00:00",
    "dateUpdated": "2024-09-16T18:28:42.778Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-31381
Vulnerability from cvelistv5
Published
2021-10-19 18:17
Modified
2024-09-16 17:08
Summary
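A configuration weakness in the JBoss Application Server (AppSvr) component of Juniper Networks SRC Series allows a remote attacker to send a specially crafted query to cause the web server to delete files which may allow the attacker to disrupt the integrity and availability of the system. The record classifies this issue as CWE-16 and CWE-200 (Information Exposure), but the CVSS vector rates confidentiality impact as NONE and integrity and availability impact as LOW, consistent with the file-deletion effect described here rather than with information disclosure.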
References
https://kb.juniper.net/JSA11248 (x_refsource_CONFIRM)
Impacted products
Vendor: Juniper Networks
Product: SRC Series
Affected versions: unspecified, < 4.12.0R5 (all versions before 4.12.0R5); 4.13.0, < 4.13.0R3 (4.13.0 up to but not including 4.13.0R3)


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T22:55:53.895Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA11248"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SRC Series",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "4.12.0R5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "4.13.0R3",
              "status": "affected",
              "version": "4.13.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-10-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A configuration weakness in the JBoss Application Server (AppSvr) component of Juniper Networks SRC Series allows a remote attacker to send a specially crafted query to cause the web server to delete files which may allow the attacker to disrupt the integrity and availability of the system."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-16",
              "description": "CWE-16 Configuration",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200 Information Exposure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-19T18:17:23",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/JSA11248"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "The following software releases have been updated to resolve this specific issue: 4.12.0R5, 4.13.0R3, and all subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA11248",
        "defect": [
          "1487223"
        ],
        "discovery": "USER"
      },
      "title": "SRC Series: A remote attacker sending a specially crafted query may cause the web server to delete files",
      "workarounds": [
        {
          "lang": "en",
          "value": "There are no viable workarounds for this issue.\n\nTo reduce the risk of exploitation utilize common security BCPs to limit the exploitable surface by limiting access to network and device to trusted systems, administrators, networks and hosts."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "DATE_PUBLIC": "2021-10-13T16:00:00.000Z",
          "ID": "CVE-2021-31381",
          "STATE": "PUBLIC",
          "TITLE": "SRC Series: A remote attacker sending a specially crafted query may cause the web server to delete files"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SRC Series",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.12.0R5"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "4.13.0",
                            "version_value": "4.13.0R3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Juniper Networks"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A configuration weakness in the JBoss Application Server (AppSvr) component of Juniper Networks SRC Series allows a remote attacker to send a specially crafted query to cause the web server to delete files which may allow the attacker to disrupt the integrity and availability of the system."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
          }
        ],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-16 Configuration"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-200 Information Exposure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/JSA11248",
              "refsource": "CONFIRM",
              "url": "https://kb.juniper.net/JSA11248"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "The following software releases have been updated to resolve this specific issue: 4.12.0R5, 4.13.0R3, and all subsequent releases."
          }
        ],
        "source": {
          "advisory": "JSA11248",
          "defect": [
            "1487223"
          ],
          "discovery": "USER"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "There are no viable workarounds for this issue.\n\nTo reduce the risk of exploitation utilize common security BCPs to limit the exploitable surface by limiting access to network and device to trusted systems, administrators, networks and hosts."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2021-31381",
    "datePublished": "2021-10-19T18:17:23.187566Z",
    "dateReserved": "2021-04-15T00:00:00",
    "dateUpdated": "2024-09-16T17:08:17.626Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}