CVE-2021-31352

CWE-200Information ExposureCWE-327Broken Cryptographic Algorithm4 documents4 sources
Severity
5.3MEDIUM
EPSS
0.1%
top 68.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Juniper Networks SRC SeriesJuniper Session AND Resource Control
Timeline
PublishedOct 19
Latest updateMay 24

Description

An Information Exposure vulnerability in Juniper Networks SRC Series devices configured for NETCONF over SSH permits the negotiation of weak ciphers, which could allow a remote attacker to obtain sensitive information. A remote attacker with read and write access to network data could exploit this vulnerability to display plaintext bits from a block of ciphertext and obtain sensitive information. This issue affects all Juniper Networks SRC Series versions prior to 4.13.0-R6.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

CVEListV5juniper_networks/src_seriesunspecified4.13.0-R6

Patches

Patch: kb.juniper.netPatch: kb.juniper.net

🔴Vulnerability Details

2
GHSA
GHSA-pq3v-r83j-pgg5: An Information Exposure vulnerability in Juniper Networks SRC Series devices configured for NETCONF over SSH permits the negotiation of weak ciphers,2022-05-24
CVEList
SRC Series: NETCONF over SSH allows negotiation of weak ciphers2021-10-19

📋Vendor Advisories

1
Juniper
CVE-2021-31352: An Information Exposure vulnerability in Juniper Networks SRC Series devices configured for NETCONF over SSH permits the negotiation of weak ciphers,2021-10-19
CVE-2021-31352 (MEDIUM CVSS 5.3) | An Information Exposure vulnerabili | cvebase.io