Juniper Networks Information for VU#369347

OpenSSH vulnerabilities in challenge response handling

Status

Not Affected

Vendor Statement

Although all domestically (i.e., United States) available releases of JUNOS Internet Software includes OpenSSH, the version of OpenSSH used is not susceptible to this vulnerability. There is therefore no need for customers to upgrade their JUNOS software.

OpenSSH is not included in any world-wide version of JUNOS, nor is it included in the Prisma G10 CMTS software release. Therefore, neither of these products are not susceptible to this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.