Vulnerability Description
The Use of a Hard-coded Cryptographic Key vulnerability in Juniper Networks Juniper Cloud Native Router (JCNR) and containerized Routing Protocol Daemon (cRPD) products allows an attacker to perform Person-in-the-Middle (PitM) attacks, which result in complete compromise of the container. Because hardcoded SSH host keys are present on the container, a PitM attacker can intercept SSH traffic without being detected.

This issue affects:
- Juniper Networks JCNR: all versions before 23.4.
- Juniper Networks cRPD: all versions before 23.4R1.
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://supportportal.juniper.net/JSA79106
- https://supportportal.juniper.net/JSA79107
- https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H
FAQ
What is CVE-2024-30407?
CVE-2024-30407 is a vulnerability with a CVSS score of 8.1 (HIGH). The Use of a Hard-coded Cryptographic Key vulnerability in Juniper Networks Juniper Cloud Native Router (JCNR) and containerized Routing Protocol Daemon (cRPD) products allows an attacker to perform P...
How severe is CVE-2024-30407?
CVE-2024-30407 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-30407?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.