CVE-2021-31352

Description

An Information Exposure vulnerability in Juniper Networks SRC Series devices configured for NETCONF over SSH permits the negotiation of weak ciphers, which could allow a remote attacker to obtain sensitive information. A remote attacker with read and write access to network data could exploit this vulnerability to display plaintext bits from a block of ciphertext and obtain sensitive information. This issue affects all Juniper Networks SRC Series versions prior to 4.13.0-R6.

Related CPE's

Could not find any relations

References

https://kb.juniper.net/JSA11217

CvssV3 impact

Version	3.1
VectorString	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
AttackVector	NETWORK
AttackComplexity	LOW
PrivilegesRequired	NONE
UserInteraction	NONE
Scope	UNCHANGED
ConfidentialityImpact	LOW
IntegrityImpact	NONE
AvailabilityImpact	NONE
BaseScore	5.3
BaseSeverity	MEDIUM

CvssV2 impact

Could not find any metrics

Created by Yello

About Severity.io