CVE-2021-0248Hard-coded Credentials in Networks Junos OS

CWE-798Hard-coded Credentials4 documents4 sources
Severity
10.0CRITICALNVD
EPSS
0.4%
top 38.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Juniper Networks Junos OSJuniper Junos
Timeline
PublishedApr 22
Latest updateMay 24

Description

This issue is not applicable to NFX NextGen Software. On NFX Series devices the use of Hard-coded Credentials in Juniper Networks Junos OS allows an attacker to take over any instance of an NFX deployment. This issue is only exploitable through administrative interfaces. This issue affects: Juniper Networks Junos OS versions prior to 19.1R1 on NFX Series. No other platforms besides NFX Series devices are affected.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 3.9 | Impact: 6.0

Affected Packages2 packages

CVEListV5juniper_networks/junos_osunspecified19.1R1
NVDjuniper/junos< 19.1+1

🔴Vulnerability Details

2
GHSA
GHSA-466r-grw5-cc98: This issue is not applicable to NFX NextGen Software2022-05-24
CVEList
NFX Series: Hard-coded credentials allow an attacker to take control of any instance through administrative interfaces.2021-04-22

📋Vendor Advisories

1
Juniper
CVE-2021-0248: This issue is not applicable to NFX NextGen Software. On NFX Series devices the use of Hard-coded Credentials in Juniper Networks Junos OS allows an a2021-04-22
CVE-2021-0248 — Hard-coded Credentials | cvebase