CVE-2021-0266

Description

The use of multiple hard-coded cryptographic keys in cSRX Series software in Juniper Networks Junos OS allows an attacker to take control of any instance of a cSRX deployment through device management services. This issue affects: Juniper Networks Junos OS on cSRX Series: All versions prior to 20.2R3; 20.3 versions prior to 20.3R2; 20.4 versions prior to 20.4R2.

Related CPE's

o juniper junos 20.2 r1 ******

o juniper junos 20.2 r1-s1 ******

o juniper junos 20.2 r1-s2 ******

o juniper junos 20.2 r1-s3 ******

o juniper junos 20.3 r1 ******

o juniper junos 20.3 r1-s1 ******

o juniper junos 20.4 r1 ******

o juniper junos 20.4 r1-s1 ******

h juniper csrx -*******

References

https://kb.juniper.net/JSA11157

Vendor Advisory

CvssV3 impact

Version	3.1
VectorString	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AttackVector	NETWORK
AttackComplexity	LOW
PrivilegesRequired	NONE
UserInteraction	NONE
Scope	UNCHANGED
ConfidentialityImpact	HIGH
IntegrityImpact	HIGH
AvailabilityImpact	HIGH
BaseScore	9.8
BaseSeverity	CRITICAL

CvssV2 impact

AccessComplexity	LOW
ConfidentialityImpact	PARTIAL
AvailabilityImpact	PARTIAL
IntegrityImpact	PARTIAL
BaseScore	7.5
VectorString	AV:N/AC:L/Au:N/C:P/I:P/A:P
Version	2.0
AccessVector	NETWORK
Authentication	NONE