Описание
The Use of a Hard-coded Cryptographic Key vulnerability in Juniper Networks Juniper Cloud Native Router (JCNR) and containerized routing Protocol Deamon (cRPD) products allows an attacker to perform Person-in-the-Middle (PitM) attacks which results in complete compromise of the container.
Due to hardcoded SSH host keys being present on the container, a PitM attacker can intercept SSH traffic without being detected.
This issue affects Juniper Networks JCNR:
- All versions before 23.4.
This issue affects Juniper Networks cRPD:
- All versions before 23.4R1.
Ссылки
EPSS
8.1 High
CVSS3
Дефекты
Связанные уязвимости
The Use of a Hard-coded Cryptographic Key vulnerability in Juniper Networks Juniper Cloud Native Router (JCNR) and containerized routing Protocol Deamon (cRPD) products allows an attacker to perform Person-in-the-Middle (PitM) attacks which results in complete compromise of the container. Due to hardcoded SSH host keys being present on the container, a PitM attacker can intercept SSH traffic without being detected. This issue affects Juniper Networks JCNR: * All versions before 23.4. This issue affects Juniper Networks cRPD: * All versions before 23.4R1.
Уязвимость программных решений для маршрутизации Juniper Cloud Native Router (JCNR) и Containerized Routing Protocol Daemon (cRPD), связанная с использованием жестко закодированных ключей хоста SSH, позволяющая нарушителю реализовать атаку типа «человек посередине»
EPSS
8.1 High
CVSS3