Vulnerability Description
An Information Exposure vulnerability in Juniper Networks SRC Series devices configured for NETCONF over SSH permits the negotiation of weak ciphers, which could allow a remote attacker to obtain sensitive information. A remote attacker with read and write access to network data could exploit this vulnerability to display plaintext bits from a block of ciphertext and obtain sensitive information. This issue affects all Juniper Networks SRC Series versions prior to 4.13.0-R6.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Juniper | Session And Resource Control | < 4.13.0-R6 |
Related Weaknesses (CWE)
References
- https://kb.juniper.net/JSA11217 (Exploit, Patch, Vendor Advisory)
FAQ
What is CVE-2021-31352?
CVE-2021-31352 is a vulnerability with a CVSS score of 5.3 (MEDIUM). An Information Exposure vulnerability in Juniper Networks SRC Series devices configured for NETCONF over SSH permits the negotiation of weak ciphers, which could allow a remote attacker to obtain sens...
How severe is CVE-2021-31352?
CVE-2021-31352 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-31352?
Check the references section above for vendor advisories and patch information. Affected products include: Juniper Session And Resource Control.