CVE-2021-0266
22.04.2021, 20:15
The use of multiple hard-coded cryptographic keys in cSRX Series software in Juniper Networks Junos OS allows an attacker to take control of any instance of a cSRX deployment through device management services. This issue affects: Juniper Networks Junos OS on cSRX Series: All versions prior to 20.2R3; 20.3 versions prior to 20.3R2; 20.4 versions prior to 20.4R2.Enginsight
| Vendor | Product | Version |
|---|---|---|
| juniper | junos | 20.2:r1 |
| juniper | junos | 20.2:r1-s1 |
| juniper | junos | 20.2:r1-s2 |
| juniper | junos | 20.2:r1-s3 |
| juniper | junos | 20.3:r1 |
| juniper | junos | 20.3:r1-s1 |
| juniper | junos | 20.4:r1 |
| juniper | junos | 20.4:r1-s1 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-321 - Use of Hard-coded Cryptographic KeyThe use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.
- CWE-798 - Use of Hard-coded CredentialsThe software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.