Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-1616

Due to insufficient server-side login attempt limit enforcement, a vulnerability in the SSH login service of Juniper Networks Juniper Advanced Threat Prevention (JATP) Series and Virtual JATP (vJATP) devices allows an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit. Successful exploitation will allow the attacker to perform brute-force password attacks on the SSH service. This issue affects: Juniper Networks JATP and vJATP versions prior to 5.0.6.0.

Published

2020-04-08T20:15:13.247

Last Modified

2024-11-21T05:11:00.190

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-307
Type: Primary
CWE-307

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	juniper	advanced_threat_protection	< 5.0.6.0	Yes
Application	juniper	virtual_advanced_threat_protection	< 5.0.6.0	Yes

References

https://kb.juniper.net/JSA10999 Vendor Advisory ([email protected])
https://kb.juniper.net/JSA10999 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)