CVE-2020-1618: Authentication Bypass Using an Alternate Path or Channel in Networks Junos OS

Severity
6.8 MEDIUM (NVD)
6.3 (CNA)
EPSS
0.0% (top 88.04%)
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Apr 8
Latest update: May 24

Description

On Juniper Networks EX and QFX Series, an authentication bypass vulnerability may allow a user connected to the console port to login as root without any password. This issue might only occur in certain scenarios:

• At the first reboot after performing device factory reset using the command “request system zeroize”; or
• A temporary moment during the first reboot after the software upgrade when the device configured in Virtual Chassis mode.

This issue affects Juniper Networks Junos OS on EX and

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.9 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5 | juniper_networks/junos_os | 14.1X53 | 14.1X53-D53 | +10
NVD | juniper/junos | 11 versions | +10

🔴 Vulnerability Details (2)

GHSA (2022-05-24)
GHSA-2r53-mrx4-q6h9: On Juniper Networks EX and QFX Series, an authentication bypass vulnerability may allow a user connected to the console port to login as root without

CVEList (2020-04-08)
Junos OS: EX and QFX Series: Console port authentication bypass vulnerability

📋 Vendor Advisories (1)

Juniper (2020-04-08)
CVE-2020-1618: On Juniper Networks EX and QFX Series, an authentication bypass vulnerability may allow a user connected to the console port to login as root without
CVE-2020-1618 — Juniper Networks Junos OS vulnerability | cvebase