CVE-2024-30407 - OpenCVE

The Use of a Hard-coded Cryptographic Key vulnerability in Juniper Networks Juniper Cloud Native Router (JCNR) and containerized routing Protocol Deamon (cRPD) products allows an attacker to perform Person-in-the-Middle (PitM) attacks which results in complete compromise of the container. Due to hardcoded SSH host keys being present on the container, a PitM attacker can intercept SSH traffic without being detected. This issue affects Juniper Networks JCNR: * All versions before 23.4. This issue affects Juniper Networks cRPD: * All versions before 23.4R1.

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

No data.

No data.

References

Link	Resource
https://supportportal.juniper.net/JSA79106
https://supportportal.juniper.net/JSA79107
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: juniper

Published: 2024-04-12T15:03:40.856Z

Updated: 2024-06-06T16:14:18.691Z

Reserved: 2024-03-26T23:06:19.981Z

Link: CVE-2024-30407

JSON object: View

NVD Information

Status : Awaiting Analysis

Published: 2024-04-12T15:15:25.540

Modified: 2024-05-16T21:16:10.210

Link: CVE-2024-30407

JSON object: View

Redhat Information

No data.

CWE

CWE-321

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-30407", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "state": "PUBLISHED", "assignerShortName": "juniper", "dateReserved": "2024-03-26T23:06:19.981Z", "datePublished": "2024-04-12T15:03:40.856Z", "dateUpdated": "2024-06-06T16:14:18.691Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "cRPD", "vendor": "Juniper Networks, Inc.", "versions": [{"lessThan": "23.4R1", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Juniper Cloud Native Router (JCNR)", "vendor": "Juniper Networks, Inc.", "versions": [{"lessThan": "23.4", "status": "affected", "version": "0", "versionType": "semver"}]}], "datePublic": "2024-04-10T16:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The Use of a Hard-coded Cryptographic Key vulnerability in Juniper Networks <span style=\"background-color: rgb(255, 255, 255);\">Juniper Cloud Native Router (JCNR)</span> and <span style=\"background-color: rgb(255, 255, 255);\">containerized routing Protocol Deamon (cRPD) </span>products allows an attacker to perform Person-in-the-Middle (PitM) attacks which results in complete compromise of the container. <br><br>Due to hardcoded SSH host keys being present on the container, a PitM attacker can intercept SSH traffic without being detected. <br><br>This issue affects Juniper Networks JCNR:<br><ul><li>All versions before 23.4.</li></ul>This issue affects Juniper Networks cRPD:<br><ul><li>All versions before 23.4R1.</li></ul>"}], "value": "The Use of a Hard-coded Cryptographic Key vulnerability in Juniper Networks\u00a0Juniper Cloud Native Router (JCNR)\u00a0and\u00a0containerized routing Protocol Deamon (cRPD) products allows an attacker to perform Person-in-the-Middle (PitM) attacks which results in complete compromise of the container. \n\nDue to hardcoded SSH host keys being present on the container, a PitM attacker can intercept SSH traffic without being detected.\u00a0\n\nThis issue affects Juniper Networks JCNR:\n * All versions before 23.4.\n\n\nThis issue affects Juniper Networks cRPD:\n * All versions before 23.4R1."}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Juniper SIRT is not aware of any malicious exploitation of this vulnerability.</p>"}], "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "baseScore": 9.2, "baseSeverity": "CRITICAL", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-321", "description": "CWE-321 Use of Hard-coded Cryptographic Key", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2024-05-16T20:45:00.505Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://supportportal.juniper.net/JSA79106"}, {"tags": ["vendor-advisory"], "url": "https://supportportal.juniper.net/JSA79107"}, {"tags": ["technical-description"], "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>The following software releases have been updated to resolve this specific issue: </p><p>JCNR: 23.4, and all subsequent releases.</p><p>cRPD: 23.4R1, and all subsequent releases.<br><br></p>"}], "value": "The following software releases have been updated to resolve this specific issue:\u00a0\n\nJCNR: 23.4, and all subsequent releases.\n\ncRPD: 23.4R1, and all subsequent releases."}], "source": {"advisory": "JSA79106 JSA79107", "defect": ["1698624"], "discovery": "INTERNAL"}, "timeline": [{"lang": "en", "time": "2024-04-10T16:00:00.000Z", "value": "Initial Publication"}], "title": "[Child CVE] JCNR and cRPD: Hard-coded SSH host keys in cRPD may allow Person-in-the-Middle (PitM) attacks", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Remove the hard coded keys using:</p><code> "rm -rf /etc/ssh/ssh_host_*" </code><br/><p>and then run </p><code> "ssh-keygen -A" </code><br/><p>to generate new host keys.</p>"}], "value": "Remove the hard coded keys using:\n\n \"rm -rf /etc/ssh/ssh_host_*\" \nand then run \n\n \"ssh-keygen -A\" \nto generate new host keys."}], "x_generator": {"engine": "Vulnogram 0.1.0-av217"}}, "adp": [{"affected": [{"vendor": "juniper", "product": "cloud_native_router", "cpes": ["cpe:2.3:h:juniper:cloud_native_router:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "23.4", "versionType": "semver"}]}, {"vendor": "juniper", "product": "crpd", "cpes": ["cpe:2.3:a:juniper:crpd:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "23.4r1", "versionType": "semver"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-05-22T17:16:37.125801Z", "id": "CVE-2024-30407", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-06T16:14:18.691Z"}}]}}

{"descriptions": [{"lang": "en", "value": "The Use of a Hard-coded Cryptographic Key vulnerability in Juniper Networks\u00a0Juniper Cloud Native Router (JCNR)\u00a0and\u00a0containerized routing Protocol Deamon (cRPD) products allows an attacker to perform Person-in-the-Middle (PitM) attacks which results in complete compromise of the container. \n\nDue to hardcoded SSH host keys being present on the container, a PitM attacker can intercept SSH traffic without being detected.\u00a0\n\nThis issue affects Juniper Networks JCNR:\n * All versions before 23.4.\n\n\nThis issue affects Juniper Networks cRPD:\n * All versions before 23.4R1."}, {"lang": "es", "value": "La vulnerabilidad del uso de una clave criptogr\u00e1fica codificada en Juniper Networks Juniper Cloud Native Router (JCNR) y los productos de protocolo de enrutamiento en contenedores Deamon (cRPD) permite a un atacante realizar ataques de persona en el medio (PitM) que resultan en un compromiso total del contenedor. Debido a que las claves de host SSH codificadas est\u00e1n presentes en el contenedor, un atacante de PitM puede interceptar el tr\u00e1fico SSH sin ser detectado. Este problema afecta a Juniper Networks JCNR: * Todas las versiones anteriores a la 23.4. Este problema afecta al cRPD de Juniper Networks: * Todas las versiones anteriores a 23.4R1."}], "id": "CVE-2024-30407", "lastModified": "2024-05-16T21:16:10.210", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "sirt@juniper.net", "type": "Primary"}]}, "published": "2024-04-12T15:15:25.540", "references": [{"source": "sirt@juniper.net", "url": "https://supportportal.juniper.net/JSA79106"}, {"source": "sirt@juniper.net", "url": "https://supportportal.juniper.net/JSA79107"}, {"source": "sirt@juniper.net", "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-321"}], "source": "sirt@juniper.net", "type": "Secondary"}]}