CVE-2019-0035: Trust Boundary Violation in Juniper Networks Junos OS

Severity: 6.8 MEDIUM (NVD)
EPSS: 0.0% (top 88.50%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 10, 2019; latest update Apr 18, 2023

Description

When "set system ports console insecure" is enabled, root login is disallowed for Junos OS as expected. However, the root password can be changed using "set system root-authentication plain-text-password" on systems booted from an OAM (Operations, Administration, and Maintenance) volume, leading to a possible administrative bypass with physical access to the console. OAM volumes (e.g. flash drives) are typically instantiated as /dev/gpt/oam, or /oam for short. Password recovery, changing the roo
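The description turns on two configuration knobs: whether the console is marked "insecure" (which refuses root login on the console) and the root password. The following audit script is an added example, not code from the cvebase page or from Juniper: it parses a configuration in "show configuration | display set" form, reports the console-hardening state, and flags that on an unfixed release the "insecure" knob alone does not stop a console user of an OAM-booted system from changing the root password. The sample configuration is constructed for illustration; the statement names it uses (system ports console insecure, system root-authentication, version) are the ones the description and ordinary Junos configurations use.

```python
"""Audit a Junos set-style configuration for the console-hardening state that
CVE-2019-0035 concerns. Added example; not from the cvebase page or Juniper.
"""

# Constructed sample configuration (not a real device): console marked
# insecure, root has an encrypted password, one super-user account.
SAMPLE_CONFIG = """\
set version 19.2R1
set system host-name edge-1
set system root-authentication encrypted-password "$6$constructed$notarealhash"
set system ports console insecure
set system login user admin class super-user
"""


def parse_set_config(text):
    """Turn 'set a b c ...' lines into statement tuples, skipping blanks and comments."""
    stmts = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if not line.startswith("set "):
            raise ValueError(f"not a set-style statement: {line!r}")
        stmts.append(tuple(line[4:].split()))
    return stmts


def has_statement(stmts, *prefix):
    """True if any statement begins with the given hierarchy path."""
    return any(s[: len(prefix)] == prefix for s in stmts)


def audit_console(text):
    """Report the console-related settings relevant to CVE-2019-0035."""
    stmts = parse_set_config(text)
    # 'set version X' carries the release the config was written on.
    version = next((s[1] for s in stmts if s[:1] == ("version",) and len(s) > 1), None)
    console_insecure = has_statement(stmts, "system", "ports", "console", "insecure")
    root_auth = has_statement(stmts, "system", "root-authentication")

    findings = []
    if console_insecure:
        findings.append("console is 'insecure': root login on the console is refused")
        # Per the advisory text: on an OAM-booted system the root password can
        # still be set from the console, so the knob is not a full mitigation
        # until the running release is one the vendor lists as fixed.
        findings.append(
            "CVE-2019-0035: with physical console access on an OAM-booted system "
            "the root password can still be changed on an unfixed release; "
            "verify the running release against the Juniper advisory"
        )
    else:
        findings.append("console is not marked 'insecure': root may log in on the console")
    if not root_auth:
        findings.append("no root-authentication statement configured")

    return {
        "version": version,
        "console_insecure": console_insecure,
        "root_authentication": root_auth,
        "findings": findings,
    }


if __name__ == "__main__":
    for line in audit_console(SAMPLE_CONFIG)["findings"]:
        print("-", line)
```

Feed it the output of "show configuration | display set" captured from a device; the parser rejects anything that is not set-style so a curly-brace configuration is caught early rather than silently producing no findings.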

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.9 | Impact: 5.9

The attack vector is Physical (AV:P), which is what holds the base score at 6.8 despite full confidentiality, integrity and availability impact; the same metrics with AV:N would score 9.8.

Affected Packages (3 packages)

CVEList V5: juniper_networks/junos_os, versions 19.2 / 19.2R3-S7 (+11 more)
NVD: juniper/junos, 26 versions (+25 more)

🔴 Vulnerability Details (2)

GHSA: GHSA-xj73-xcmg-mc23 (2023-04-18), whose text matches the CVE-2023-28972 advisory listed below: An Improper Link Resolution Before File Access vulnerability in console port access of Juniper Networks Junos OS on NFX Series allows an attacker to b
GHSA: GHSA-45jm-w28x-87fw (2022-05-13): When "set system ports console insecure" is enabled, root login is disallowed for Junos OS as expected

📋 Vendor Advisories (2)

Juniper: CVE-2023-28972 (2023-04-17): An Improper Link Resolution Before File Access vulnerability in console port access of Juniper Networks Junos OS on NFX Series allows an attacker to b
Juniper: CVE-2019-0035 (2019-04-10): When "set system ports console insecure" is enabled, root login is disallowed for Junos OS as expected. However, the root password can be changed usin
CVE-2019-0035 — Trust Boundary Violation | cvebase