CVE-2021-0245 — Hard-coded Credentials in Networks Junos OS

CWE-798 — Hard-coded Credentials4 documents4 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 88.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Junos

Timeline

PublishedApr 22

Latest updateMay 24

Description

A Use of Hard-coded Credentials vulnerability in Juniper Networks Junos OS on Junos Fusion satellite devices allows an attacker who is local to the device to elevate their privileges and take control of the device. This issue affects: Juniper Networks Junos OS Junos Fusion Satellite Devices. 16.1 versions prior to 16.1R7-S7; 17.1 versions prior to 17.1R2-S12, 17.1R3-S2; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S10; 17.4 version 17.4R3 and …

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5juniper_networks/junos_os16.1 — 16.1R7-S7+13

▶NVDjuniper/junos14 versions+13

🔴Vulnerability Details

GHSA

GHSA-r5j6-85w2-f95v: A Use of Hard-coded Credentials vulnerability in Juniper Networks Junos OS on Junos Fusion satellite devices allows an attacker who is local to the de↗2022-05-24

▶

CVEList

Junos OS: Junos Fusion: Hard-coded credentials on satellite devices allows a locally authenticated attacker to elevate their privileges.↗2021-04-22

▶

📋Vendor Advisories

Juniper

CVE-2021-0245: A Use of Hard-coded Credentials vulnerability in Juniper Networks Junos OS on Junos Fusion satellite devices allows an attacker who is local to the de↗2021-04-22

▶