7.4

CVE-2021-0296

EPSS 0.12%
Published 19.10.2021 19:15:08
Last modified 21.11.2024 05:42:25
Source sirt@juniper.net
Teams watchlist Login
Open Login

The Juniper Networks CTPView server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header which allows servers to indicate that content from the requested domain will only be served over HTTPS. The lack of HSTS may leave the system vulnerable to downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections. This issue affects Juniper Networks CTPView: 7.3 versions prior to 7.3R7; 9.1 versions prior to 9.1R3.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Juniper ≫ Ctpview Version7.3 Updater1

Juniper ≫ Ctpview Version7.3 Updater2

Juniper ≫ Ctpview Version7.3 Updater3

Juniper ≫ Ctpview Version7.3 Updater4

Juniper ≫ Ctpview Version7.3 Updater5

Juniper ≫ Ctpview Version7.3 Updater6

Juniper ≫ Ctpview Version9.1 Updater1

Juniper ≫ Ctpview Version9.1 Updater2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.12%	0.284

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:P/A:N
sirt@juniper.net	7.4	2.2	5.2	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-319 Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

https://kb.juniper.net/JSA11210

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-0296

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-0296

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-0296

EUVD