CVE-2021-31352
MEDIUMJuniper Session and Resource Control < 4.130r6 - Information Exposure via Weak NETCONF Cipher Negotiation
Title source: llmDescription
An Information Exposure vulnerability in Juniper Networks SRC Series devices configured for NETCONF over SSH permits the negotiation of weak ciphers, which could allow a remote attacker to obtain sensitive information. A remote attacker with read and write access to network data could exploit this vulnerability to display plaintext bits from a block of ciphertext and obtain sensitive information. This issue affects all Juniper Networks SRC Series versions prior to 4.13.0-R6.
References (1)
Core 1
Core References
Exploit, Patch, Vendor Advisory x_refsource_confirm
https://kb.juniper.net/JSA11217
Scores
CVSS v3
5.3
EPSS
0.0012
EPSS Percentile
30.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-327
CWE-200
Status
published
Products (1)
juniper/session_and_resource_control
< 4.130r6
Published
Oct 19, 2021
Tracked Since
Feb 18, 2026