Sign-up

ID

VAR-201604-0058


CVE

CVE-2016-1273


TITLE

Juniper QFX5100 and QFX10002 Runs on the switch Junos OS Vulnerabilities that break the encryption and authentication protection mechanisms

Trust: 0.8

sources: JVNDB: JVNDB-2016-002149

DESCRIPTION

Juniper Junos OS before 13.2X51-D40, 14.x before 14.1X53-D30, and 15.x before 15.1X53-D20 on QFX5100 and QFX10002 switches do not have sufficient entropy, which makes it easier for remote attackers to defeat cryptographic encryption and authentication protection mechanisms via unspecified vectors. The Juniper Networks QFX5100 and QFX10002 are Juniper Networks switch products. Multiple QFX Series Products are prone to an insufficient-entropy vulnerability. Remote attackers can exploit this issue to perform man-in-the-middle attacks and obtain sensitive information. This aids in other attacks. This could allow the attacker to gain unauthorized access to the system. The following releases are affected: Juniper Networks Junos OS prior to 13.2X51-D40, 14.x prior to 14.1X53-D30, and 15.x prior to 15.1X53-D20

Trust: 2.52

sources: NVD: CVE-2016-1273 // JVNDB: JVNDB-2016-002149 // CNVD: CNVD-2016-02315 // BID: 86038 // VULHUB: VHN-90092

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-02315

AFFECTED PRODUCTS

vendor:junipermodel:junosscope:eqversion:15.1

Trust: 1.6

vendor:junipermodel:junosscope:eqversion:14.1x53

Trust: 1.6

vendor:junipermodel:junosscope:eqversion:15.1x49

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:15.1x53

Trust: 1.0

vendor:junipermodel:junosscope:lteversion:13.2x51

Trust: 1.0

vendor:junipermodel:junos osscope:ltversion:15.x

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:14.1x53-d30

Trust: 0.8

vendor:junipermodel:qfx5100scope: - version: -

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:15.1x53-d20

Trust: 0.8

vendor:junipermodel:qfx10002scope: - version: -

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:14.x

Trust: 0.8

vendor:junipermodel:networks junos os <13.2x51-d40scope: - version: -

Trust: 0.6

vendor:junipermodel:networks junos os 14.x<14.1x53-d30scope: - version: -

Trust: 0.6

vendor:junipermodel:networks junos os 15.x<15.1x53-d20scope: - version: -

Trust: 0.6

vendor:junipermodel:junosscope:eqversion:13.2x51

Trust: 0.6

sources: CNVD: CNVD-2016-02315 // JVNDB: JVNDB-2016-002149 // CNNVD: CNNVD-201604-293 // NVD: CVE-2016-1273

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-1273
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-1273
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2016-02315
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201604-293
value: MEDIUM

Trust: 0.6

VULHUB: VHN-90092
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-1273
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-02315
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-90092
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-1273
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-02315 // VULHUB: VHN-90092 // JVNDB: JVNDB-2016-002149 // CNNVD: CNNVD-201604-293 // NVD: CVE-2016-1273

PROBLEMTYPE DATA

problemtype:CWE-310

Trust: 1.9

sources: VULHUB: VHN-90092 // JVNDB: JVNDB-2016-002149 // NVD: CVE-2016-1273

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201604-293

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201604-293

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-002149

PATCH
title:JSA10746url:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10746
Trust: 0.8
title:JuniperNetworksQFX5100 and QFX10002 security bypass vulnerability patchesurl:https://www.cnvd.org.cn/patchInfo/show/74317
Trust: 0.6
title:Juniper Networks QFX5100  and QFX10002 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60954
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2016-02315 // 
            
            
            
            JVNDB: JVNDB-2016-002149 // 
            
            
            
            CNNVD: CNNVD-201604-293

EXTERNAL IDS
db:NVDid:CVE-2016-1273
Trust: 3.4
db:JUNIPERid:JSA10746
Trust: 2.3
db:JVNDBid:JVNDB-2016-002149
Trust: 0.8
db:CNNVDid:CNNVD-201604-293
Trust: 0.7
db:CNVDid:CNVD-2016-02315
Trust: 0.6
db:BIDid:86038
Trust: 0.4
db:VULHUBid:VHN-90092
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-02315 // 
            
            
            
            VULHUB: VHN-90092 // 
            
            
            
            BID: 86038 // 
            
            
            
            JVNDB: JVNDB-2016-002149 // 
            
            
            
            CNNVD: CNNVD-201604-293 // 
            
            
            
            NVD: CVE-2016-1273

REFERENCES
url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10746
Trust: 1.6
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1273
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1273
Trust: 0.8
url:https://kb.juniper.net/infocenter/index?page=content&id=jsa10746&actp=search
Trust: 0.6
url:http://kb.juniper.net/infocenter/index?page=content&amp;id=jsa10746
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-02315 // 
            
            
            
            VULHUB: VHN-90092 // 
            
            
            
            JVNDB: JVNDB-2016-002149 // 
            
            
            
            CNNVD: CNNVD-201604-293 // 
            
            
            
            NVD: CVE-2016-1273

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 86038

SOURCES
db:CNVDid:CNVD-2016-02315
db:VULHUBid:VHN-90092
db:BIDid:86038
db:JVNDBid:JVNDB-2016-002149
db:CNNVDid:CNNVD-201604-293
db:NVDid:CVE-2016-1273

LAST UPDATE DATE
2024-11-23T23:05:36.341000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2016-02315date:2016-04-19T00:00:00
db:VULHUBid:VHN-90092date:2016-04-20T00:00:00
db:BIDid:86038date:2016-04-13T00:00:00
db:JVNDBid:JVNDB-2016-002149date:2016-04-22T00:00:00
db:CNNVDid:CNNVD-201604-293date:2016-04-18T00:00:00
db:NVDid:CVE-2016-1273date:2024-11-21T02:46:05.040

SOURCES RELEASE DATE
db:CNVDid:CNVD-2016-02315date:2016-04-19T00:00:00
db:VULHUBid:VHN-90092date:2016-04-15T00:00:00
db:BIDid:86038date:2016-04-13T00:00:00
db:JVNDBid:JVNDB-2016-002149date:2016-04-22T00:00:00
db:CNNVDid:CNNVD-201604-293date:2016-04-14T00:00:00
db:NVDid:CVE-2016-1273date:2016-04-15T14:59:08.160