vulnerability
Juniper Junos OS: 2019-07 Security Bulletin: Junos OS: Multiple Vulnerabilities in OpenSSH (JSA10940) (multiple CVEs)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:P/I:N/A:N) | Aug 7, 2016 | Jul 11, 2019 | Aug 11, 2025 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
Published
Aug 7, 2016
Added
Jul 11, 2019
Modified
Aug 11, 2025
Description
sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.
Solution
juniper-junos-os-upgrade-latest
References
- CVE-2015-6564
- https://attackerkb.com/topics/CVE-2015-6564
- CVE-2015-8325
- https://attackerkb.com/topics/CVE-2015-8325
- CVE-2016-10009
- https://attackerkb.com/topics/CVE-2016-10009
- CVE-2016-10010
- https://attackerkb.com/topics/CVE-2016-10010
- CVE-2016-10011
- https://attackerkb.com/topics/CVE-2016-10011
- CVE-2016-10012
- https://attackerkb.com/topics/CVE-2016-10012
- CVE-2016-6210
- https://attackerkb.com/topics/CVE-2016-6210
- CVE-2016-6515
- https://attackerkb.com/topics/CVE-2016-6515
- CWE-20
- JUNIPER-JSA10940
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.