CVE-2020-1615: Hard-coded Credentials in Networks Junos OS

Severity: 9.8 CRITICAL (NVD)
EPSS: 0.5% (top 35.38%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 8; Latest update May 24

Description

The factory configuration for vMX installations, as shipped, includes default credentials for the root account. Without proper modification of these default credentials by the administrator, an attacker could exploit these credentials and access the vMX instance without authorization. This issue affects Juniper Networks Junos OS: 17.1 versions prior to 17.1R2-S11, 17.1R3-S2 on vMX; 17.2 versions prior to 17.2R3-S3 on vMX; 17.3 versions prior to 17.3R2-S5, 17.3R3-S7 on vMX; 17.4 versions prior to

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5 | juniper_networks/junos_os | 17.1 | 17.1R2-S11, 17.1R3-S2 | +11
NVD | juniper/junos | 13 versions | +12

🔴Vulnerability Details

2
GHSA
GHSA-f8jp-46hx-mw9r: The factory configuration for vMX installations, as shipped, includes default credentials for the root account (2022-05-24)
CVEList
Junos OS: vMX: Default credentials supplied in vMX configuration (2020-04-08)

📋Vendor Advisories

1
Juniper
CVE-2020-1615: The factory configuration for vMX installations, as shipped, includes default credentials for the root account. Without proper modification of these d (2020-04-08)

💬Community

1
Bugzilla
CVE-2019-13307 ImageMagick: heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling rows (2019-07-16)
CVE-2020-1615 — Hard-coded Credentials | cvebase