CVE-2021-0266
cSRX: Use of Hard-coded Cryptographic Keys allows an attacker to take control of the device through device management services.
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The use of multiple hard-coded cryptographic keys in cSRX Series software in Juniper Networks Junos OS allows an attacker to take control of any instance of a cSRX deployment through device management services. This issue affects: Juniper Networks Junos OS on cSRX Series: All versions prior to 20.2R3; 20.3 versions prior to 20.3R2; 20.4 versions prior to 20.4R2.
El uso de múltiples claves criptográficas embebidas en el software de la serie cSRX en Juniper Networks Junos OS, permite a un atacante tomar el control de cualquier instancia de una implementación de cSRX a través de servicios de administración de dispositivos. Este problema afecta a: Juniper Networks Junos OS en la serie cSRX: todas las versiones anteriores a 20.2R3; 20.3 versiones anteriores a 20.3R2; versiones 20.4 anteriores a 20.4R2
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-10-27 CVE Reserved
- 2021-04-22 CVE Published
- 2024-01-06 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-321: Use of Hard-coded Cryptographic Key
- CWE-798: Use of Hard-coded Credentials
CAPEC
References (1)
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 20.2 Search vendor "Juniper" for product "Junos" and version "20.2" | r1 |
Affected
| in | Juniper Search vendor "Juniper" | Csrx Search vendor "Juniper" for product "Csrx" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 20.2 Search vendor "Juniper" for product "Junos" and version "20.2" | r1-s1 |
Affected
| in | Juniper Search vendor "Juniper" | Csrx Search vendor "Juniper" for product "Csrx" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 20.2 Search vendor "Juniper" for product "Junos" and version "20.2" | r1-s2 |
Affected
| in | Juniper Search vendor "Juniper" | Csrx Search vendor "Juniper" for product "Csrx" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 20.2 Search vendor "Juniper" for product "Junos" and version "20.2" | r1-s3 |
Affected
| in | Juniper Search vendor "Juniper" | Csrx Search vendor "Juniper" for product "Csrx" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 20.3 Search vendor "Juniper" for product "Junos" and version "20.3" | r1 |
Affected
| in | Juniper Search vendor "Juniper" | Csrx Search vendor "Juniper" for product "Csrx" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 20.3 Search vendor "Juniper" for product "Junos" and version "20.3" | r1-s1 |
Affected
| in | Juniper Search vendor "Juniper" | Csrx Search vendor "Juniper" for product "Csrx" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 20.4 Search vendor "Juniper" for product "Junos" and version "20.4" | r1 |
Affected
| in | Juniper Search vendor "Juniper" | Csrx Search vendor "Juniper" for product "Csrx" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 20.4 Search vendor "Juniper" for product "Junos" and version "20.4" | r1-s1 |
Affected
| in | Juniper Search vendor "Juniper" | Csrx Search vendor "Juniper" for product "Csrx" | - | - |
Safe
|