CVE-2024-30407 – [Child CVE] JCNR and cRPD: Hard-coded SSH host keys in cRPD may allow Person-in-the-Middle (PitM) attacks

https://notcve.org/view.php?id=CVE-2024-30407

12 Apr 2024 — The Use of a Hard-coded Cryptographic Key vulnerability in Juniper Networks Juniper Cloud Native Router (JCNR) and containerized routing Protocol Deamon (cRPD) products allows an attacker to perform Person-in-the-Middle (PitM) attacks which results in complete compromise of the container. Due to hardcoded SSH host keys being present on the container, a PitM attacker can intercept SSH traffic without being detected. This issue affects Juniper Networks JCNR: * All versions before 23.4. This issue affects Juni... • https://supportportal.juniper.net/JSA79106 • CWE-321: Use of Hard-coded Cryptographic Key •