CVE-2024-30407 [Child CVE] JCNR and cRPD: Hard-coded SSH host keys in cRPD may allow Person-in-the-Middle (PitM) attacks

The Use of a Hard-coded Cryptographic Key vulnerability in Juniper Networks Juniper Cloud Native Router JCNR and containerized routing Protocol Deamon cRPD products allows an attacker to perform Person-in-the-Middle PitM attacks which results in complete compromise of the container. Due to...

PT-2024-3168 · Juniper Networks · Containerized Routing Protocol Daemon +1

Name of the Vulnerable Software and Affected Versions: Juniper Cloud Native Router JCNR versions prior to 23.4 Containerized Routing Protocol Daemon cRPD versions prior to 23.4R1 Description: The issue is related to the use of hard-coded cryptographic keys in Juniper Cloud Native Router JCNR and...

CVE-2022-22156

CVE-2022-22156 affects Juniper Networks Junos OS. The issue is an improper certificate validation when fetching system scripts via HTTPS, enabling potential Man-in-the-Middle attacks that could compromise integrity and confidentiality. Affected products include Junos OS across multiple released v...

CVE-2021-31386

A Protection Mechanism Failure vulnerability in the J-Web HTTP service of Juniper Networks Junos OS allows a remote unauthenticated attacker to perform Person-in-the-Middle PitM attacks against the device. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S20; 15.1...

CVE-2021-31386

CVE-2021-31386 is a Protection Mechanism Failure in Juniper Networks Junos OS J-Web HTTP service. Multiple Junos releases are affected (12.3 before 12.3R12-S20; 15.1 before 15.1R7-S11; 18.3 before 18.3R3-S6; 18.4 before 18.4R3-S10; 19.1 before 19.1R3-S7; 19.2 before 19.2R3-S4; 19.3 before 19.3R3-...

CVE-2021-31386 Junos OS: When using J-Web with HTTP an attacker may retrieve encryption keys via Person-in-the-Middle attacks.

A Protection Mechanism Failure vulnerability in the J-Web HTTP service of Juniper Networks Junos OS allows a remote unauthenticated attacker to perform Person-in-the-Middle PitM attacks against the device. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S20; 15.1...

CVE-2020-10282

The CVE-2020-10282 entry concerns MAVLink, where version 1.0 has no authentication or authorization, enabling identity spoofing, unauthorized access, and man-in-the-middle-style attacks on MAVLink-based UAV communications. Some sources note MAVLink 2.0 adds a basic authentication mechanism (e.g.,...

CVE-2020-10282 RVD#3316: No authentication in MAVLink protocol

The Micro Air Vehicle Link MAVLink protocol presents no authentication mechanism on its version 1.0 nor authorization whichs leads to a variety of attacks including identity spoofing, unauthorized access, PITM attacks and more. According to literature, version 2.0 optionally allows for package...

CVE-2020-10266

CVE-2020-10266 affects UR+ (Universal Robots+) components used with Universal Robots robotic arms (e.g., UR10). The vulnerability arises because installing components from UR+ involves no integrity checks, and the SDK to create such components is publicly available. An attacker could craft a mali...