CVE-2024-30407
[Child CVE] JCNR and cRPD: Hard-coded SSH host keys in cRPD may allow Person-in-the-Middle (PitM) attacks
In short
Juniper's cloud networking containers (JCNR and cRPD) ship with the same SSH host keys in every installation. An attacker positioned on the network can impersonate the container and intercept SSH connections without being detected, leading to complete compromise of the container.
Technical detail
CWE-321 (Use of Hard-coded Cryptographic Key) enables person-in-the-middle attacks against SSH connections to JCNR and cRPD containers. The attacker needs a network position from which SSH traffic can be intercepted. Because the SSH host keys are identical across deployments, host-key verification no longer works as a security control, which allows credential harvesting and container compromise.
Summary generated and translated by AI from the official description.
The Use of a Hard-coded Cryptographic Key vulnerability in Juniper Networks Juniper Cloud Native Router (JCNR) and containerized Routing Protocol Daemon (cRPD) products allows an attacker to perform Person-in-the-Middle (PitM) attacks which result in complete compromise of the container.
Due to hardcoded SSH host keys being present on the container, a PitM attacker can intercept SSH traffic without being detected.
This issue affects Juniper Networks JCNR:
* All versions before 23.4.
This issue affects Juniper Networks cRPD:
* All versions before 23.4R1.
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
* Juniper Networks, Inc. · cRPD
* Juniper Networks, Inc. · Juniper Cloud Native Router (JCNR)