CVE-2020-1614Hard-coded Credentials in Networks NFX Series Network Services Platform

CWE-798Hard-coded Credentials5 documents5 sources
Severity
10.0CRITICALNVD
EPSS
0.4%
top 40.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Juniper Networks NFX Series Network Services PlatformJuniper Junos
Timeline
PublishedApr 8
Latest updateMay 24

Description

A Use of Hard-coded Credentials vulnerability exists in the NFX250 Series for the vSRX Virtual Network Function (VNF) instance, which allows an attacker to take control of the vSRX VNF instance if they have the ability to access an administrative service (e.g. SSH) on the VNF, either locally, or through the network. This issue only affects the NFX250 Series vSRX VNF. No other products or platforms are affected. This issue is only applicable to environments where the vSRX VNF root password has no

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 3.9 | Impact: 6.0

Affected Packages2 packages

NVDjuniper/junos< 19.2+1

🔴Vulnerability Details

2
GHSA
GHSA-mrrq-pc5g-fmm4: A Use of Hard-coded Credentials vulnerability exists in the NFX250 Series for the vSRX Virtual Network Function (VNF) instance, which allows an attack2022-05-24
CVEList
NFX250 Series: Hardcoded credentials in the vSRX VNF instance.2020-04-08

📋Vendor Advisories

1
Juniper
CVE-2020-1614: A Use of Hard-coded Credentials vulnerability exists in the NFX250 Series for the vSRX Virtual Network Function (VNF) instance, which allows an attack2020-04-08

💬Community

1
Bugzilla
CVE-2019-13304 ImageMagick: stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced assignment2019-07-16
CVE-2020-1614 — Hard-coded Credentials | cvebase