CVE-2020-1616
MEDIUMJuniper Advanced Threat Prevention and Virtual JATP < 5.0.6.0 - Unauthenticated Excessive Authentication Attempts
Title source: llmDescription
Due to insufficient server-side login attempt limit enforcement, a vulnerability in the SSH login service of Juniper Networks Juniper Advanced Threat Prevention (JATP) Series and Virtual JATP (vJATP) devices allows an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit. Successful exploitation will allow the attacker to perform brute-force password attacks on the SSH service. This issue affects: Juniper Networks JATP and vJATP versions prior to 5.0.6.0.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://kb.juniper.net/JSA10999
Scores
CVSS v3
5.3
EPSS
0.0054
EPSS Percentile
67.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-307
Status
published
Products (2)
juniper/advanced_threat_protection
< 5.0.6.0
juniper/virtual_advanced_threat_protection
< 5.0.6.0
Published
Apr 08, 2020
Tracked Since
Feb 18, 2026