CVE-2017-2343: Hard-coded Credentials in Juniper Networks Junos OS

Severity: 9.8 CRITICAL (NVD)
EPSS: 3.1% (top 13.18%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 17; Latest update May 13

Description

The Integrated User Firewall (UserFW) feature was introduced in Junos OS version 12.1X47-D10 on the Juniper SRX Series devices to provide simple integration of user profiles on top of the existing firewall policies. As part of an internal security review of the UserFW services authentication API, hardcoded credentials were identified and removed which can impact both the SRX Series device, and potentially LDAP and Active Directory integrated points. An attacker may be able to completely compromis

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (4 packages)

NVD: juniper/junos 12.3x48, 15.1x49 (+1 more)
CVEListV5: juniper_networks/junos_os 12.3X48 from 12.3X48-D30 and prior to 12.3X48-D35, 15.1X49 from 15.1X49-D40 and prior to 15.1X49-D50 (+1 more)

🔴 Vulnerability Details (1)

GHSA
GHSA-2vpg-v73j-6qq2: The Integrated User Firewall (UserFW) feature was introduced in Junos OS version 12… (2022-05-13)

📋 Vendor Advisories (1)

Juniper
CVE-2017-2343: The Integrated User Firewall (UserFW) feature was introduced in Junos OS version 12.1X47-D10 on the Juniper SRX Series devices to provide simple integ… (2017-07-17)