CVE-2021-31352 MEDIUM

CVE-2021-31352: SRC Series: NETCONF over SSH allows negotiation of weak ciphers

Vendor: Juniper Networks
Product: SRC Series
Weakness: CWE-200 · Info exposure
Published: October 19, 2021
Last update: September 16, 2024

CVSS base score

5.3/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality: Low
Integrity: None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01 Description

An Information Exposure vulnerability in Juniper Networks SRC Series devices configured for NETCONF over SSH permits the negotiation of weak ciphers, which could allow a remote attacker to obtain sensitive information. A remote attacker with read and write access to network data could exploit this vulnerability to display plaintext bits from a block of ciphertext and obtain sensitive information. This issue affects all Juniper Networks SRC Series versions prior to 4.13.0-R6.

Key dates

02 Disclosure timeline

October 19, 2021: CVE published
September 16, 2024: Record updated