cvelist/2021/0xxx/CVE-2021-0266.json

{
    "CVE_data_meta": {
        "ASSIGNER": "sirt@juniper.net",
        "DATE_PUBLIC": "2021-04-14T16:00:00.000Z",
        "ID": "CVE-2021-0266",
        "STATE": "PUBLIC",
        "TITLE": "cSRX: Use of Hard-coded Cryptographic Keys allows an attacker to take control of the device through device management services."
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Junos OS",
                                "version": {
                                    "version_data": [
                                        {
                                            "platform": "cSRX Series",
                                            "version_affected": "<",
                                            "version_value": "20.2R3"
                                        },
                                        {
                                            "platform": "cSRX Series",
                                            "version_affected": "<",
                                            "version_name": "20.3",
                                            "version_value": "20.3R2"
                                        },
                                        {
                                            "platform": "cSRX Series",
                                            "version_affected": "<",
                                            "version_name": "20.4",
                                            "version_value": "20.4R2"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "Juniper Networks"
                }
            ]
        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "The use of multiple hard-coded cryptographic keys in cSRX Series software in Juniper Networks Junos OS allows an attacker to take control of any instance of a cSRX deployment through device management services. This issue affects: Juniper Networks Junos OS on cSRX Series: All versions prior to 20.2R3; 20.3 versions prior to 20.3R2; 20.4 versions prior to 20.4R2."
            }
        ]
    },
    "exploit": [
        {
            "lang": "eng",
            "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
    ],
    "generator": {
        "engine": "Vulnogram 0.0.9"
    },
    "impact": {
        "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-321 Use of Hard-coded Cryptographic Keys"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "refsource": "MISC",
                "url": "https://kb.juniper.net/JSA11157",
                "name": "https://kb.juniper.net/JSA11157"
            }
        ]
    },
    "solution": [
        {
            "lang": "eng",
            "value": "The following software releases have been updated to resolve this specific issue: 20.2R3, 20.3R2, 20.4R2, 21.1R1, and all subsequent releases."
        }
    ],
    "source": {
        "advisory": "JSA11157",
        "defect": [
            "1564611"
        ],
        "discovery": "INTERNAL"
    },
    "work_around": [
        {
            "lang": "eng",
            "value": "There are no viable workarounds for this issue. \n\nTo reduce the risk of exploitation of this issue, use access lists or firewall filters to limit access to the cSRX instance to only trusted administrative networks, hosts and users."
        }
    ]
}
"-Synchronized-Data." 2020-10-27 14:01:52 +00:00			`{`
			`"CVE_data_meta": {`
Juniper JSA publication 2021-04. See https://advisory.juniper.net for more information. Juniper JSA publication 2021-04. See https://advisory.juniper.net for more information. 2021-04-22 13:31:05 -06:00			`"ASSIGNER": "sirt@juniper.net",`
			`"DATE_PUBLIC": "2021-04-14T16:00:00.000Z",`
"-Synchronized-Data." 2020-10-27 14:01:52 +00:00			`"ID": "CVE-2021-0266",`
Juniper JSA publication 2021-04. See https://advisory.juniper.net for more information. Juniper JSA publication 2021-04. See https://advisory.juniper.net for more information. 2021-04-22 13:31:05 -06:00			`"STATE": "PUBLIC",`
			`"TITLE": "cSRX: Use of Hard-coded Cryptographic Keys allows an attacker to take control of the device through device management services."`
"-Synchronized-Data." 2020-10-27 14:01:52 +00:00			`},`
Juniper JSA publication 2021-04. See https://advisory.juniper.net for more information. Juniper JSA publication 2021-04. See https://advisory.juniper.net for more information. 2021-04-22 13:31:05 -06:00			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "Junos OS",`
			`"version": {`
			`"version_data": [`
			`{`
			`"platform": "cSRX Series",`
			`"version_affected": "<",`
			`"version_value": "20.2R3"`
			`},`
			`{`
			`"platform": "cSRX Series",`
			`"version_affected": "<",`
			`"version_name": "20.3",`
			`"version_value": "20.3R2"`
			`},`
			`{`
			`"platform": "cSRX Series",`
			`"version_affected": "<",`
			`"version_name": "20.4",`
			`"version_value": "20.4R2"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name": "Juniper Networks"`
			`}`
			`]`
			`}`
			`},`
			`"data_format": "MITRE",`
			`"data_type": "CVE",`
			`"data_version": "4.0",`
"-Synchronized-Data." 2020-10-27 14:01:52 +00:00			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
"-Synchronized-Data." 2021-04-22 20:00:45 +00:00			`"value": "The use of multiple hard-coded cryptographic keys in cSRX Series software in Juniper Networks Junos OS allows an attacker to take control of any instance of a cSRX deployment through device management services. This issue affects: Juniper Networks Junos OS on cSRX Series: All versions prior to 20.2R3; 20.3 versions prior to 20.3R2; 20.4 versions prior to 20.4R2."`
"-Synchronized-Data." 2020-10-27 14:01:52 +00:00			`}`
			`]`
Juniper JSA publication 2021-04. See https://advisory.juniper.net for more information. Juniper JSA publication 2021-04. See https://advisory.juniper.net for more information. 2021-04-22 13:31:05 -06:00			`},`
			`"exploit": [`
			`{`
			`"lang": "eng",`
			`"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."`
			`}`
			`],`
			`"generator": {`
			`"engine": "Vulnogram 0.0.9"`
			`},`
			`"impact": {`
			`"cvss": {`
			`"attackComplexity": "HIGH",`
			`"attackVector": "NETWORK",`
			`"availabilityImpact": "HIGH",`
			`"baseScore": 8.1,`
			`"baseSeverity": "HIGH",`
			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "HIGH",`
			`"privilegesRequired": "NONE",`
			`"scope": "UNCHANGED",`
			`"userInteraction": "NONE",`
			`"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",`
			`"version": "3.1"`
			`}`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "CWE-321 Use of Hard-coded Cryptographic Keys"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
"-Synchronized-Data." 2021-04-22 20:00:45 +00:00			`"refsource": "MISC",`
			`"url": "https://kb.juniper.net/JSA11157",`
			`"name": "https://kb.juniper.net/JSA11157"`
Juniper JSA publication 2021-04. See https://advisory.juniper.net for more information. Juniper JSA publication 2021-04. See https://advisory.juniper.net for more information. 2021-04-22 13:31:05 -06:00			`}`
			`]`
			`},`
			`"solution": [`
			`{`
			`"lang": "eng",`
			`"value": "The following software releases have been updated to resolve this specific issue: 20.2R3, 20.3R2, 20.4R2, 21.1R1, and all subsequent releases."`
			`}`
			`],`
			`"source": {`
			`"advisory": "JSA11157",`
			`"defect": [`
			`"1564611"`
			`],`
			`"discovery": "INTERNAL"`
			`},`
			`"work_around": [`
			`{`
			`"lang": "eng",`
			`"value": "There are no viable workarounds for this issue. \n\nTo reduce the risk of exploitation of this issue, use access lists or firewall filters to limit access to the cSRX instance to only trusted administrative networks, hosts and users."`
			`}`
			`]`
"-Synchronized-Data." 2020-10-27 14:01:52 +00:00			`}`