CVE-2016-1273

Juniper Junos OS before 13.2X51-D40, 14.x before 14.1X53-D30, and 15.x before 15.1X53-D20 on QFX5100 and QFX10002 switches do not have sufficient entropy, which makes it easier for remote attackers to defeat cryptographic encryption and authentication protection mechanisms via unspecified vectors.

CVSS v3 5.9 MEDIUM
CVSS v2.0 4.3 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

Vector : AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10746	Vendor Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10746	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:juniper:junos::d35::::::*
	cpe:2.3:o:juniper:junos:14.1x53:::::::*
	cpe:2.3:o:juniper:junos:14.1x53:d10::::::
	cpe:2.3:o:juniper:junos:14.1x53:d15::::::
	cpe:2.3:o:juniper:junos:14.1x53:d16::::::
	cpe:2.3:o:juniper:junos:14.1x53:d25::::::
	cpe:2.3:o:juniper:junos:14.1x53:d26::::::
	cpe:2.3:o:juniper:junos:15.1:f2::::::
	cpe:2.3:o:juniper:junos:15.1:f2-s1::::::
	cpe:2.3:o:juniper:junos:15.1:r1::::::
	cpe:2.3:o:juniper:junos:15.1:r2::::::
	cpe:2.3:o:juniper:junos:15.1x49:d10::::::
	cpe:2.3:o:juniper:junos:15.1x49:d20::::::
	cpe:2.3:o:juniper:junos:15.1x53:d10::::::

OR	cpe:2.3:h:juniper:qfx10002:-:::::::*
	cpe:2.3:h:juniper:qfx5100:-:::::::*

History

21 Nov 2024, 02:46

Type	Values Removed	Values Added
References	~~() http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10746 - Vendor Advisory~~	() http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10746 - Vendor Advisory

Information

Published : 2016-04-15 14:59

Updated : 2024-11-21 02:46

NVD link : CVE-2016-1273

Mitre link : CVE-2016-1273

CVE.ORG link : CVE-2016-1273

JSON object : View

Products Affected

juniper

qfx5100
junos
qfx10002

CWE

CWE-310

Cryptographic Issues

{"id": "CVE-2016-1273", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2016-04-15T14:59:08.160", "references": [{"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10746", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10746", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-310"}]}], "descriptions": [{"lang": "en", "value": "Juniper Junos OS before 13.2X51-D40, 14.x before 14.1X53-D30, and 15.x before 15.1X53-D20 on QFX5100 and QFX10002 switches do not have sufficient entropy, which makes it easier for remote attackers to defeat cryptographic encryption and authentication protection mechanisms via unspecified vectors."}, {"lang": "es", "value": "Juniper Junos OS en versiones anteriores a 13.2X51-D40, 14.x en versiones anteriores a 14.1X53-D30 y 15.x en versiones anteriores a 15.1X53-D20 en switches QFX5100 y QFX10002 no tienen suficiente entrop\u00eda, lo que facilita a atacantes remotos romper el cifrado criptogr\u00e1fico y los mecanismos de protecci\u00f3n de autenticaci\u00f3n a trav\u00e9s de vectores no especificados."}], "lastModified": "2024-11-21T02:46:05.040", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos:*:d35:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E7D89ADE-DE99-42C7-970A-7DB24EF7106B", "versionEndIncluding": "13.2x51"}, {"criteria": "cpe:2.3:o:juniper:junos:14.1x53:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C7FCCC1-B151-465A-8327-26DB5DC074F0"}, {"criteria": "cpe:2.3:o:juniper:junos:14.1x53:d10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "09771B8F-8B2A-4E8B-B4D3-80677697FCF3"}, {"criteria": "cpe:2.3:o:juniper:junos:14.1x53:d15:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "55E2F909-E1CC-45AA-ABA9-58178B751808"}, {"criteria": "cpe:2.3:o:juniper:junos:14.1x53:d16:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E1AA12C5-4520-4F79-80BE-66112F7AFC2A"}, {"criteria": "cpe:2.3:o:juniper:junos:14.1x53:d25:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "807C8110-5CC2-45F0-B094-BBF9C0B63BDD"}, {"criteria": "cpe:2.3:o:juniper:junos:14.1x53:d26:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "547E5737-D385-49B9-A69F-A3B185A34116"}, {"criteria": "cpe:2.3:o:juniper:junos:15.1:f2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C56E6C3-BBB6-4853-91D9-99C7676D0CD4"}, {"criteria": "cpe:2.3:o:juniper:junos:15.1:f2-s1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC196685-3B0C-4754-AE6A-6BE456CC6B52"}, {"criteria": "cpe:2.3:o:juniper:junos:15.1:r1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D0D3EA8F-4D30-4383-AF2F-0FB6D822D0F3"}, {"criteria": "cpe:2.3:o:juniper:junos:15.1:r2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0E6CD065-EC06-4846-BD2A-D3CA7866070F"}, {"criteria": "cpe:2.3:o:juniper:junos:15.1x49:d10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D90D8985-34EF-44CC-A9A7-CB0FD22676F2"}, {"criteria": "cpe:2.3:o:juniper:junos:15.1x49:d20:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "18468579-0195-4DDE-BAA5-4BE4068F3A69"}, {"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E87C765-8D68-404A-AC71-3F22A7260E8C"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:juniper:qfx10002:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F1401145-D8EC-4DB9-9CDE-9DE6C0D000C5"}, {"criteria": "cpe:2.3:h:juniper:qfx5100:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E974B4BC-64C5-4BB6-AF31-D46AF3763416"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}