CVE-2024-30407
Vulnerability from cvelistv5
Published
2024-04-12 15:03
Modified
2024-08-02 01:32
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
9.2 (Critical) - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
9.2 (Critical) - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
[Child CVE] JCNR and cRPD: Hard-coded SSH host keys in cRPD may allow Person-in-the-Middle (PitM) attacks
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Juniper Networks, Inc. | cRPD |
Version: 0 ≤ |
||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:h:juniper:cloud_native_router:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "cloud_native_router", "vendor": "juniper", "versions": [ { "lessThan": "23.4", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "cpes": [ "cpe:2.3:a:juniper:crpd:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "crpd", "vendor": "juniper", "versions": [ { "lessThan": "23.4r1", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-30407", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-22T17:16:37.125801Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-06T16:14:18.691Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T01:32:07.279Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://supportportal.juniper.net/JSA79106" }, { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://supportportal.juniper.net/JSA79107" }, { "tags": [ "technical-description", "x_transferred" ], "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "cRPD", "vendor": "Juniper Networks, Inc.", "versions": [ { "lessThan": "23.4R1", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "Juniper Cloud Native Router (JCNR)", "vendor": "Juniper Networks, Inc.", "versions": [ { "lessThan": "23.4", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-04-10T16:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "The Use of a Hard-coded Cryptographic Key vulnerability in Juniper Networks\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eJuniper Cloud Native Router (JCNR)\u003c/span\u003e\u0026nbsp;and\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003econtainerized routing Protocol Deamon (cRPD) \u003c/span\u003eproducts allows an attacker to perform Person-in-the-Middle (PitM) attacks which results in complete compromise of the container. \u003cbr\u003e\u003cbr\u003eDue to hardcoded SSH host keys being present on the container, a PitM attacker can intercept SSH traffic without being detected.\u0026nbsp;\u003cbr\u003e\u003cbr\u003eThis issue affects Juniper Networks JCNR:\u003cbr\u003e\u003cul\u003e\u003cli\u003eAll versions before 23.4.\u003c/li\u003e\u003c/ul\u003eThis issue affects Juniper Networks cRPD:\u003cbr\u003e\u003cul\u003e\u003cli\u003eAll versions before 23.4R1.\u003c/li\u003e\u003c/ul\u003e" } ], "value": "The Use of a Hard-coded Cryptographic Key vulnerability in Juniper Networks\u00a0Juniper Cloud Native Router (JCNR)\u00a0and\u00a0containerized routing Protocol Deamon (cRPD) products allows an attacker to perform Person-in-the-Middle (PitM) attacks which results in complete compromise of the container. \n\nDue to hardcoded SSH host keys being present on the container, a PitM attacker can intercept SSH traffic without being detected.\u00a0\n\nThis issue affects Juniper Networks JCNR:\n * All versions before 23.4.\n\n\nThis issue affects Juniper Networks cRPD:\n * All versions before 23.4R1." } ], "exploits": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003c/p\u003e" } ], "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] }, { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "baseScore": 9.2, "baseSeverity": "CRITICAL", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-321", "description": "CWE-321 Use of Hard-coded Cryptographic Key", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-16T20:45:00.505Z", "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://supportportal.juniper.net/JSA79106" }, { "tags": [ "vendor-advisory" ], "url": "https://supportportal.juniper.net/JSA79107" }, { "tags": [ "technical-description" ], "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eThe following software releases have been updated to resolve this specific issue:\u0026nbsp;\u003c/p\u003e\u003cp\u003eJCNR: 23.4, and all subsequent releases.\u003c/p\u003e\u003cp\u003ecRPD: 23.4R1, and all subsequent releases.\u003cbr\u003e\u003cbr\u003e\u003c/p\u003e" } ], "value": "The following software releases have been updated to resolve this specific issue:\u00a0\n\nJCNR: 23.4, and all subsequent releases.\n\ncRPD: 23.4R1, and all subsequent releases." } ], "source": { "advisory": "JSA79106 JSA79107", "defect": [ "1698624" ], "discovery": "INTERNAL" }, "timeline": [ { "lang": "en", "time": "2024-04-10T16:00:00.000Z", "value": "Initial Publication" } ], "title": "[Child CVE] JCNR and cRPD: Hard-coded SSH host keys in cRPD may allow Person-in-the-Middle (PitM) attacks", "workarounds": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eRemove the hard coded keys using:\u003c/p\u003e\u003ccode\u003e \u0026quot;rm -rf /etc/ssh/ssh_host_*\u0026quot; \u003c/code\u003e\u003cbr/\u003e\u003cp\u003eand then run \u003c/p\u003e\u003ccode\u003e \u0026quot;ssh-keygen -A\u0026quot; \u003c/code\u003e\u003cbr/\u003e\u003cp\u003eto generate new host keys.\u003c/p\u003e" } ], "value": "Remove the hard coded keys using:\n\n \"rm -rf /etc/ssh/ssh_host_*\" \nand then run \n\n \"ssh-keygen -A\" \nto generate new host keys." } ], "x_generator": { "engine": "Vulnogram 0.1.0-av217" } } }, "cveMetadata": { "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "cveId": "CVE-2024-30407", "datePublished": "2024-04-12T15:03:40.856Z", "dateReserved": "2024-03-26T23:06:19.981Z", "dateUpdated": "2024-08-02T01:32:07.279Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2024-30407\",\"sourceIdentifier\":\"sirt@juniper.net\",\"published\":\"2024-04-12T15:15:25.540\",\"lastModified\":\"2024-05-16T21:16:10.210\",\"vulnStatus\":\"Awaiting Analysis\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Use of a Hard-coded Cryptographic Key vulnerability in Juniper Networks\u00a0Juniper Cloud Native Router (JCNR)\u00a0and\u00a0containerized routing Protocol Deamon (cRPD) products allows an attacker to perform Person-in-the-Middle (PitM) attacks which results in complete compromise of the container. \\n\\nDue to hardcoded SSH host keys being present on the container, a PitM attacker can intercept SSH traffic without being detected.\u00a0\\n\\nThis issue affects Juniper Networks JCNR:\\n * All versions before 23.4.\\n\\n\\nThis issue affects Juniper Networks cRPD:\\n * All versions before 23.4R1.\"},{\"lang\":\"es\",\"value\":\"La vulnerabilidad del uso de una clave criptogr\u00e1fica codificada en Juniper Networks Juniper Cloud Native Router (JCNR) y los productos de protocolo de enrutamiento en contenedores Deamon (cRPD) permite a un atacante realizar ataques de persona en el medio (PitM) que resultan en un compromiso total del contenedor. Debido a que las claves de host SSH codificadas est\u00e1n presentes en el contenedor, un atacante de PitM puede interceptar el tr\u00e1fico SSH sin ser detectado. Este problema afecta a Juniper Networks JCNR: * Todas las versiones anteriores a la 23.4. Este problema afecta al cRPD de Juniper Networks: * Todas las versiones anteriores a 23.4R1.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-321\"}]}],\"references\":[{\"url\":\"https://supportportal.juniper.net/JSA79106\",\"source\":\"sirt@juniper.net\"},{\"url\":\"https://supportportal.juniper.net/JSA79107\",\"source\":\"sirt@juniper.net\"},{\"url\":\"https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N\",\"source\":\"sirt@juniper.net\"}]}}" } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.