Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800)



Article ID: JSA10722 SECURITY_ADVISORIES Last Updated: 23 Mar 2016Version: 5.0
Product Affected:
Refer to Problem section below.
On March 1, 2016, a cross-protocol attack was announced by OpenSSL that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. Note that traffic between clients and non-vulnerable servers can be decrypted provided another server supporting SSLv2 and EXPORT ciphers (even with a different protocol such as SMTP, IMAP or POP) shares the RSA keys of the non-vulnerable server. This vulnerability is known as DROWN (CVE-2016-0800).

SSLv2 is a very old security protocol with known issues, but still exists as a fallback protocol on many devices.

Vulnerable Products
  • ScreenOS
  • STRM/JSA Series
  • WLC Wireless LAN Controller
Products Not Exploitable to Vulnerability by default configuration, which do not negotiate SSLv2 traffic.
  • Junos OS
  • Junos Space
Products Not Vulnerable
  • JunosE
  • QFabric Director
  • Standalone IDP
  • NSM (server and NSM4000, NSM3000, NSMXpress appliance)
  • WLAN RingMaster
  • WLAN SmartPass

Juniper is continuing to investigate our product portfolio for affected software that is not mentioned above. As new information becomes available this document will be updated.

This issue has been assigned CVE-2016-0800.
Starting with ScreenOS 6.3.0r19, SSLv2 and SSLv3 can both be manually disabled via the 'unset ssl ssl3' CLI command.

STRM/JSA Series:
Fixes will be available in STRM versions 2014.6.r4 and 2013.2.r14.

Solutions for other vulnerable products will be added as they become available.

  • Follow security best current practices by limiting the exploitable attack surface of critical infrastructure networking equipment. Use access lists or firewall filters to limit access to networking devices via SSL only from trusted, administrative networks or hosts.
  • Use an external firewall to filter all incoming SSLv2 traffic.
  • Enable IDP signature (SSL:AUDIT:SSL-V2-TRAFFIC) to detect SSLv2 which can be set to be blocked via policy.
  • Ensure SSLv2 is not enabled on any systems, disable where necessary.

Modification History:
Modification History:

2016-03-14: Initial publication
2016-03-15: Added IDP signature for SSLv2 detection
2016-03-23: Added detail regarding non-exploitability of this vulnerability due to configuration of products for Junos OS and Junos Space.  Added additional workaround detail to disable SSLv2 when found.

CVSS Score:
4.0 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N)
Severity Level:
Severity Assessment:
Information for how Juniper Networks uses CVSS can be found at KB 16446 "Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories."

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search