CVE-2021-31352 - OpenCVE

An Information Exposure vulnerability in Juniper Networks SRC Series devices configured for NETCONF over SSH permits the negotiation of weak ciphers, which could allow a remote attacker to obtain sensitive information. A remote attacker with read and write access to network data could exploit this vulnerability to display plaintext bits from a block of ciphertext and obtain sensitive information. This issue affects all Juniper Networks SRC Series versions prior to 4.13.0-R6.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Juniper	Session And Resource Control

Configuration 1 [-]

cpe:2.3:a:juniper:session_and_resource_control:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://kb.juniper.net/JSA11217

History

No history.

MITRE

Status: PUBLISHED

Assigner: juniper

Published: 2021-10-19T18:16:33.308361Z

Updated: 2024-09-16T19:20:18.621Z

Reserved: 2021-04-15T00:00:00

Link: CVE-2021-31352

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-10-19T19:15:08.660

Modified: 2022-10-27T13:05:14.193

Link: CVE-2021-31352

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "SRC Series", "vendor": "Juniper Networks", "versions": [{"lessThan": "4.13.0-R6", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "configurations": [{"lang": "en", "value": "A sample configuration of NETCONF over SSH is shown below:\n\n netconf {\n ssh {\n port 830;\n }\n }"}], "datePublic": "2021-10-13T00:00:00", "descriptions": [{"lang": "en", "value": "An Information Exposure vulnerability in Juniper Networks SRC Series devices configured for NETCONF over SSH permits the negotiation of weak ciphers, which could allow a remote attacker to obtain sensitive information. A remote attacker with read and write access to network data could exploit this vulnerability to display plaintext bits from a block of ciphertext and obtain sensitive information. This issue affects all Juniper Networks SRC Series versions prior to 4.13.0-R6."}], "exploits": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200 Information Exposure", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-10-19T18:16:33", "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://kb.juniper.net/JSA11217"}], "solutions": [{"lang": "en", "value": "A hotfix has been created to resolve this issue. Contact Juniper Networks Technical Support to request the hotfix.\n\nWeak ciphers are now disabled by default. Only the following ciphers and key-exchange (KEX) algorithms are now enabled by default:\n\n\u2022 Ciphers: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com\n\u2022 KEX Algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1\n\nNote: After upgrading to a fixed release, any manually configured weak ciphers or KEX algorithms for NETCONF will be retained. Administrators should reset their cipher configuration by typing:\n root@src# delete system services netconf ssh\n root@src# commit\n Stopping NETCONF/SSH:\n commit complete.\n\n root@src# set system services netconf ssh"}], "source": {"advisory": "JSA11217", "defect": ["1568322"], "discovery": "INTERNAL"}, "title": "SRC Series: NETCONF over SSH allows negotiation of weak ciphers", "workarounds": [{"lang": "en", "value": "There are no viable workarounds for this issue."}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "sirt@juniper.net", "DATE_PUBLIC": "2021-10-13T16:00:00.000Z", "ID": "CVE-2021-31352", "STATE": "PUBLIC", "TITLE": "SRC Series: NETCONF over SSH allows negotiation of weak ciphers"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SRC Series", "version": {"version_data": [{"version_affected": "<", "version_value": "4.13.0-R6"}]}}]}, "vendor_name": "Juniper Networks"}]}}, "configuration": [{"lang": "en", "value": "A sample configuration of NETCONF over SSH is shown below:\n\n netconf {\n ssh {\n port 830;\n }\n }"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An Information Exposure vulnerability in Juniper Networks SRC Series devices configured for NETCONF over SSH permits the negotiation of weak ciphers, which could allow a remote attacker to obtain sensitive information. A remote attacker with read and write access to network data could exploit this vulnerability to display plaintext bits from a block of ciphertext and obtain sensitive information. This issue affects all Juniper Networks SRC Series versions prior to 4.13.0-R6."}]}, "exploit": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-200 Information Exposure"}]}]}, "references": {"reference_data": [{"name": "https://kb.juniper.net/JSA11217", "refsource": "CONFIRM", "url": "https://kb.juniper.net/JSA11217"}]}, "solution": [{"lang": "en", "value": "A hotfix has been created to resolve this issue. Contact Juniper Networks Technical Support to request the hotfix.\n\nWeak ciphers are now disabled by default. Only the following ciphers and key-exchange (KEX) algorithms are now enabled by default:\n\n\u2022 Ciphers: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com\n\u2022 KEX Algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1\n\nNote: After upgrading to a fixed release, any manually configured weak ciphers or KEX algorithms for NETCONF will be retained. Administrators should reset their cipher configuration by typing:\n root@src# delete system services netconf ssh\n root@src# commit\n Stopping NETCONF/SSH:\n commit complete.\n\n root@src# set system services netconf ssh"}], "source": {"advisory": "JSA11217", "defect": ["1568322"], "discovery": "INTERNAL"}, "work_around": [{"lang": "en", "value": "There are no viable workarounds for this issue."}]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T22:55:53.552Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://kb.juniper.net/JSA11217"}]}]}, "cveMetadata": {"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "cveId": "CVE-2021-31352", "datePublished": "2021-10-19T18:16:33.308361Z", "dateReserved": "2021-04-15T00:00:00", "dateUpdated": "2024-09-16T19:20:18.621Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:juniper:session_and_resource_control:*:*:*:*:*:*:*:*", "matchCriteriaId": "F859871E-2194-4F8D-8978-26A032CF77D1", "versionEndExcluding": "4.130r6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An Information Exposure vulnerability in Juniper Networks SRC Series devices configured for NETCONF over SSH permits the negotiation of weak ciphers, which could allow a remote attacker to obtain sensitive information. A remote attacker with read and write access to network data could exploit this vulnerability to display plaintext bits from a block of ciphertext and obtain sensitive information. This issue affects all Juniper Networks SRC Series versions prior to 4.13.0-R6."}, {"lang": "es", "value": "Una vulnerabilidad de exposici\u00f3n de informaci\u00f3n en los dispositivos de Juniper Networks SRC Series configurados para NETCONF sobre SSH permite una negociaci\u00f3n de cifrados d\u00e9biles, lo que podr\u00eda permitir a un atacante remoto conseguir informaci\u00f3n confidencial. Un atacante remoto con acceso de lectura y escritura a los datos de la red podr\u00eda aprovechar esta vulnerabilidad para mostrar bits de texto plano de un bloque de texto cifrado y conseguir informaci\u00f3n confidencial. Este problema afecta a todas las versiones de Juniper Networks SRC Series anteriores a 4.13.0-R6"}], "id": "CVE-2021-31352", "lastModified": "2022-10-27T13:05:14.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "sirt@juniper.net", "type": "Primary"}]}, "published": "2021-10-19T19:15:08.660", "references": [{"source": "sirt@juniper.net", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "https://kb.juniper.net/JSA11217"}], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-327"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "sirt@juniper.net", "type": "Secondary"}]}