CVE-2020-1614

Published: Apr 8, 2020Modified: Nov 21, 2024

10.0

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 6.0

Source: NVD

Description

A Use of Hard-coded Credentials vulnerability exists in the NFX250 Series for the vSRX Virtual Network Function (VNF) instance, which allows an attacker to take control of the vSRX VNF instance if they have the ability to access an administrative service (e.g. SSH) on the VNF, either locally, or through the network. This issue only affects the NFX250 Series vSRX VNF. No other products or platforms are affected. This issue is only applicable to environments where the vSRX VNF root password has not been configured. This issue affects the Juniper Networks NFX250 Network Services Platform vSRX VNF instance on versions prior to 19.2R1.

Affected (5)

Products: Juniper: Junos

1 product

Configuration A

5 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Juniper Junos	Before 19.2
Juniper Junos	Version 19.2 r1-s1
Juniper Junos	Version 19.2 r1-s2
Juniper Junos	Version 19.2 r1-s3
Juniper Junos	Version 19.2 r1-s4

Running on/with	Platform Versions
Juniper Nfx250	All versions

Related CWEs

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (4)

https://kb.juniper.net/JSA10997

Source: sirt@juniper.net

Vendor Advisory

https://www.juniper.net/documentation/en_US/release-independent/junos/topics/task/configuration/nfx250-configure-vsrx-internal-ip.html

Source: sirt@juniper.net

Vendor Advisory

https://kb.juniper.net/JSA10997

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.juniper.net/documentation/en_US/release-independent/junos/topics/task/configuration/nfx250-configure-vsrx-internal-ip.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.