medium
5.3
CWE
327 200
Advisory Published
Updated

CVE-2021-31352: SRC Series: NETCONF over SSH allows negotiation of weak ciphers

First published: Tue Oct 19 2021(Updated: )

An Information Exposure vulnerability in Juniper Networks SRC Series devices configured for NETCONF over SSH permits the negotiation of weak ciphers, which could allow a remote attacker to obtain sensitive information. A remote attacker with read and write access to network data could exploit this vulnerability to display plaintext bits from a block of ciphertext and obtain sensitive information. This issue affects all Juniper Networks SRC Series versions prior to 4.13.0-R6.

Credit: sirt@juniper.net

Affected SoftwareAffected VersionHow to fix
Juniper Session and Resource Control<4.130r6

Remedy

https://kb.juniper.net/JSA11217

Remedy

A hotfix has been created to resolve this issue. Contact Juniper Networks Technical Support to request the hotfix. Weak ciphers are now disabled by default. Only the following ciphers and key-exchange (KEX) algorithms are now enabled by default: • Ciphers: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com • KEX Algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1 Note: After upgrading to a fixed release, any manually configured weak ciphers or KEX algorithms for NETCONF will be retained. Administrators should reset their cipher configuration by typing: root@src# delete system services netconf ssh root@src# commit Stopping NETCONF/SSH: commit complete. root@src# set system services netconf ssh

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2021-31352?

    CVE-2021-31352 has been classified with a moderate severity rating due to the potential exposure of sensitive information.

  • How do I fix CVE-2021-31352?

    To fix CVE-2021-31352, configure your Juniper Networks SRC Series devices to use strong ciphers and upgrade to the latest version of the software.

  • What systems are affected by CVE-2021-31352?

    CVE-2021-31352 affects Juniper Session and Resource Control versions before 4.130r6 when configured for NETCONF over SSH.

  • What type of attack can exploit CVE-2021-31352?

    A remote attacker with read and write access to the network can exploit CVE-2021-31352 to negotiate weak ciphers.

  • Is any sensitive information at risk with CVE-2021-31352?

    Yes, CVE-2021-31352 allows remote attackers to potentially obtain sensitive information due to weak cipher negotiation.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203