On March 1, 2016, a cross-protocol attack was announced by OpenSSL that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. Note that traffic between clients and non-vulnerable servers can be decrypted provided another server supporting SSLv2 and EXPORT ciphers (even with a different protocol such as SMTP, IMAP or POP) shares the RSA keys of the non-vulnerable server. This vulnerability is known as DROWN (CVE-2016-0800).
SSLv2 is a very old security protocol with known issues, but still exists as a fallback protocol on many devices.
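The key-sharing condition described above can be checked against a scan inventory. The following is an added example, not part of the original advisory or any Juniper tool: the hostnames, key labels and record fields are constructed, and it conservatively treats any SSLv2-enabled endpoint as a potential oracle without checking for EXPORT cipher suites.

```python
from collections import defaultdict

# Constructed sample inventory (not real hosts). "rsa_key" stands for a
# fingerprint of the certificate's RSA public key as reported by whatever
# scanner is in use; "sslv2" records whether the endpoint negotiated SSLv2.
INVENTORY = [
    {"endpoint": "www.example.test:443",  "rsa_key": "key-A", "sslv2": False},
    {"endpoint": "mail.example.test:25",  "rsa_key": "key-A", "sslv2": True},
    {"endpoint": "imap.example.test:993", "rsa_key": "key-B", "sslv2": False},
    {"endpoint": "old.example.test:443",  "rsa_key": "key-C", "sslv2": True},
    {"endpoint": "pop.example.test:995",  "rsa_key": "key-C", "sslv2": True},
]

def drown_exposure(inventory):
    """Classify each endpoint by how its RSA key is exposed.

    Returns {endpoint: (status, oracles)} where status is
      "direct"    - the endpoint itself accepts SSLv2
      "key-reuse" - SSLv2 is off here, but the same RSA key is served by
                    an SSLv2-enabled endpoint
      "ok"        - no SSLv2-enabled endpoint in the inventory uses this key
    and oracles lists every SSLv2-enabled endpoint serving that key.
    """
    # Index the SSLv2-enabled endpoints by the RSA key they serve.
    oracles_by_key = defaultdict(list)
    for rec in inventory:
        if rec["sslv2"]:
            oracles_by_key[rec["rsa_key"]].append(rec["endpoint"])

    result = {}
    for rec in inventory:
        oracles = sorted(oracles_by_key.get(rec["rsa_key"], []))
        if rec["sslv2"]:
            status = "direct"
        elif oracles:
            status = "key-reuse"  # protocol and port of the oracle do not matter
        else:
            status = "ok"
        result[rec["endpoint"]] = (status, oracles)
    return result

if __name__ == "__main__":
    for endpoint, (status, oracles) in drown_exposure(INVENTORY).items():
        print(f"{endpoint:24} {status:10} {', '.join(oracles)}")
```

A "key-reuse" result is remediated at the listed SSLv2-enabled endpoints, not at the endpoint that was flagged.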
Vulnerable Products
- ScreenOS
- STRM/JSA Series
- WLC Wireless LAN Controller
Products Not Exploitable to Vulnerability by default configuration, which do not negotiate SSLv2 traffic.
Products Not Vulnerable
- JunosE
- QFabric Director
- Standalone IDP
- NSM (server and NSM4000, NSM3000, NSMXpress appliance)
- WLAN RingMaster
- WLAN SmartPass
Juniper is continuing to investigate our product portfolio for affected software that is not mentioned above. As new information becomes available this document will be updated.
This issue has been assigned CVE-2016-0800.
Modification History:
2016-03-14: Initial publication
2016-03-15: Added IDP signature for SSLv2 detection
2016-03-23: Added detail regarding non-exploitability of this vulnerability due to configuration of products for Junos OS and Junos Space. Added additional workaround detail to disable SSLv2 when found.
Information on how Juniper Networks uses CVSS can be found at KB 16446 "Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories."