// For flags

CVE-2021-31352

SRC Series: NETCONF over SSH allows negotiation of weak ciphers

Severity Score

5.3
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

An Information Exposure vulnerability in Juniper Networks SRC Series devices configured for NETCONF over SSH permits the negotiation of weak ciphers, which could allow a remote attacker to obtain sensitive information. A remote attacker with read and write access to network data could exploit this vulnerability to display plaintext bits from a block of ciphertext and obtain sensitive information. This issue affects all Juniper Networks SRC Series versions prior to 4.13.0-R6.

Una vulnerabilidad de exposición de información en los dispositivos de Juniper Networks SRC Series configurados para NETCONF sobre SSH permite una negociación de cifrados débiles, lo que podría permitir a un atacante remoto conseguir información confidencial. Un atacante remoto con acceso de lectura y escritura a los datos de la red podría aprovechar esta vulnerabilidad para mostrar bits de texto plano de un bloque de texto cifrado y conseguir información confidencial. Este problema afecta a todas las versiones de Juniper Networks SRC Series anteriores a 4.13.0-R6

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2021-04-15 CVE Reserved
  • 2021-10-19 CVE Published
  • 2024-09-16 CVE Updated
  • 2024-09-16 First Exploit
  • 2024-10-22 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
  • CWE-327: Use of a Broken or Risky Cryptographic Algorithm
CAPEC
References (1)
URL Tag Source
URL Date SRC
https://kb.juniper.net/JSA11217 2024-09-16
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Juniper
Search vendor "Juniper"
 Session And Resource Control
Search vendor "Juniper" for product "Session And Resource Control"
 < 4.130r6
Search vendor "Juniper" for product "Session And Resource Control" and version " < 4.130r6"
-
Affected