CVE-2023-28972Link Following in Networks Junos OS

CWE-59Link Following4 documents4 sources
Severity
6.8MEDIUMNVD
EPSS
0.0%
top 89.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Juniper Networks Junos OSJuniper Junos
Timeline
PublishedApr 17
Latest updateApr 18

Description

An Improper Link Resolution Before File Access vulnerability in console port access of Juniper Networks Junos OS on NFX Series allows an attacker to bypass console access controls. When "set system ports console insecure" is enabled, root login is disallowed for Junos OS as expected. However, the root password can be changed using "set system root-authentication plain-text-password" on NFX Series systems, leading to a possible administrative bypass with physical access to the console. Password r

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages2 packages

CVEListV5juniper_networks/junos_os19.219.2R3-S7+11
NVDjuniper/junos12 versions+11

🔴Vulnerability Details

2
GHSA
GHSA-xj73-xcmg-mc23: An Improper Link Resolution Before File Access vulnerability in console port access of Juniper Networks Junos OS on NFX Series allows an attacker to b2023-04-18
CVEList
Junos OS: NFX Series: 'set system ports console insecure' allows root password recovery2023-04-17

📋Vendor Advisories

1
Juniper
CVE-2023-28972: An Improper Link Resolution Before File Access vulnerability in console port access of Juniper Networks Junos OS on NFX Series allows an attacker to b2023-04-17
CVE-2023-28972 — Link Following in Networks Junos OS | cvebase