Vulnerabilities for Session and resource control (...) - CXSECURITY.COM

Vulnerabilities for 'Session and resource control'

2021-10-19

CVE-2021-31352

CWE-200

An Information Exposure vulnerability in Juniper Networks SRC Series devices configured for NETCONF over SSH permits the negotiation of weak ciphers, which could allow a remote attacker to obtain sensitive information. A remote attacker with read and write access to network data could exploit this vulnerability to display plaintext bits from a block of ciphertext and obtain sensitive information. This issue affects all Juniper Networks SRC Series versions prior to 4.13.0-R6.

CVE-2021-31380

NVD-CWE-noinfo

A configuration weakness in the JBoss Application Server (AppSvr) component of Juniper Networks SRC Series allows a remote attacker to send a specially crafted query to cause the web server to disclose sensitive information in the HTTP response which allows the attacker to obtain sensitive information.

CVE-2021-31381

NVD-CWE-noinfo

A configuration weakness in the JBoss Application Server (AppSvr) component of Juniper Networks SRC Series allows a remote attacker to send a specially crafted query to cause the web server to delete files which may allow the attacker to disrupt the integrity and availability of the system.

2008-06-10

CVE-2008-0960

CWE-287

SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later; (9) HP OpenView SNMP Emanate Master Agent 15.x; and possibly other products relies on the client to specify the HMAC length, which makes it easier for remote attackers to bypass SNMP authentication via a length value of 1, which only checks the first byte.

>>> Vendor: Juniper 101 Products

Netscreen screenos

Netscreen remote security client

Netscreen remote vpn client

Netscreen-idp 10

Netscreen-idp 100

Netscreen-idp 1000

Netscreen-idp 500

Netscreen-security manager 2004

Junipersetup control

Session and resource control

Secure access 2000

Odyssey access client

Networks mobility system software

Junos space virtual appliance

Junos space ja1500 appliance

Junos pulse access control service

Junos pulse secure access service

Secure access virtual appliance

Fips secure access 4000

Fips secure access 4500

Fips secure access 6000

Fips secure access 6500

Mag2600 gateway

Mag4610 gateway

Mag6610 gateway

Mag6611 gateway

Secure access 2500

Secure access 4000

Secure access 4500

Secure access 6000

Secure access 6500

Secure access 700

Network and security manager software

Junos space ja2500 appliance

Fips infranet controller 6500

Infranet controller 4000

Infranet controller 4500

Infranet controller 6000

Infranet controller 6500

Unified access control software

Juniper installer service client

Junos pulse client

Mobile system software

Pulse connect secure

Northstar controller

Trusted platform module firmware

Junos os evolved

Advanced threat protection

Virtual advanced threat protection

Contrail networking

Paragon active assurance control center

See all Products for Vendor Juniper

Copyright 2024, cxsecurity.com