Vulnerability Name:

CVE-2004-1766 (CCN-14886)

Assigned:2004-01-20
Published:2004-01-20
Updated:2017-07-11
Summary:The default installation of NetScreen-Security Manager before Feature Pack 1 does not enable encryption for communication with devices running ScreenOS 5.0, which allows remote attackers to obtain sensitive information via sniffing.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Obtain Information
References:Source: MITRE
Type: CNA
CVE-2004-1766

Source: CCN
Type: SA10675
NetScreen-Security Manager Communication Disclosure

Source: SECUNIA
Type: Vendor Advisory
10675

Source: CONFIRM
Type: UNKNOWN
http://www.juniper.net/support/security/alerts/58290.txt

Source: CCN
Type: US-CERT VU#927630
NetScreen-Security Manager fails to encrypt communications with managed devices

Source: CERT-VN
Type: Third Party Advisory, US Government Resource
VU#927630

Source: CONFIRM
Type: Third Party Advisory, US Government Resource
http://www.kb.cert.org/vuls/id/CRDY-5VEU8N

Source: CCN
Type: NetScreen Technologies, Inc. Download Sofware Web site
Netscreen Technologies, Inc.::Services::Latest Software Availability

Source: CONFIRM
Type: UNKNOWN
http://www.netscreen.com/services/security/alerts/1_19_04_58290.jsp

Source: OSVDB
Type: UNKNOWN
3613

Source: CCN
Type: OSVDB ID: 3613
NetScreen ScreenOS/Security Manager Communication Disclosure

Source: BID
Type: Vendor Advisory
9455

Source: CCN
Type: BID-9455
NetScreen Security Manager Insecure Default Remote Communication Vulnerability

Source: XF
Type: UNKNOWN
netscreen-information-disclosure(14886)

Source: XF
Type: UNKNOWN
netscreen-information-disclosure(14886)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:juniper:netscreen-security_manager_2004:*:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:juniper:netscreen-security_manager_2004:*:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    juniper netscreen-security manager 2004 *
    juniper netscreen-security manager 2004 *