CVE-2020-1618

Published: Apr 8, 2020Modified: Nov 21, 2024

6.8

Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.9 / Impact: 5.9

Source: NVD

Description

On Juniper Networks EX and QFX Series, an authentication bypass vulnerability may allow a user connected to the console port to login as root without any password. This issue might only occur in certain scenarios: • At the first reboot after performing device factory reset using the command “request system zeroize”; or • A temporary moment during the first reboot after the software upgrade when the device configured in Virtual Chassis mode. This issue affects Juniper Networks Junos OS on EX and QFX Series: 14.1X53 versions prior to 14.1X53-D53; 15.1 versions prior to 15.1R7-S4; 15.1X53 versions prior to 15.1X53-D593; 16.1 versions prior to 16.1R7-S4; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R3-S3; 17.3 versions prior to 17.3R2-S5, 17.3R3-S6; 17.4 versions prior to 17.4R2-S9, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R2; 18.3 versions prior to 18.3R1-S7, 18.3R2. This issue does not affect Juniper Networks Junos OS 12.3.

Affected (203)

Products: Juniper: Junos

Juniper

1 product

Junos

Configuration A

203 vulnerable · 15 platform

Vulnerable Software	Affected Versions
Juniper Junos	Version 14.1x53
Juniper Junos	Version 14.1x53 d10
Juniper Junos	Version 14.1x53 d15
Juniper Junos	Version 14.1x53 d16
Juniper Junos	Version 14.1x53 d25
Juniper Junos	Version 14.1x53 d26
Juniper Junos	Version 14.1x53 d27
Juniper Junos	Version 14.1x53 d30
Juniper Junos	Version 14.1x53 d35
Juniper Junos	Version 14.1x53 d40
Juniper Junos	Version 14.1x53 d42
Juniper Junos	Version 14.1x53 d43
Juniper Junos	Version 14.1x53 d44
Juniper Junos	Version 14.1x53 d45
Juniper Junos	Version 14.1x53 d48
Juniper Junos	Version 14.1x53 d50
Juniper Junos	Version 14.1x53 d51
Juniper Junos	Version 14.1x53 d52
Juniper Junos	Version 15.1
Juniper Junos	Version 15.1 a1
Juniper Junos	Version 15.1 f1
Juniper Junos	Version 15.1 f2-s1
Juniper Junos	Version 15.1 f2-s2
Juniper Junos	Version 15.1 f2-s3
Juniper Junos	Version 15.1 f2-s4
Juniper Junos	Version 15.1 f2
Juniper Junos	Version 15.1 f3
Juniper Junos	Version 15.1 f4
Juniper Junos	Version 15.1 f5-s7
Juniper Junos	Version 15.1 f5
Juniper Junos	Version 15.1 f6-s12
Juniper Junos	Version 15.1 f6-s1
Juniper Junos	Version 15.1 f6-s2
Juniper Junos	Version 15.1 f6-s3
Juniper Junos	Version 15.1 f6-s4
Juniper Junos	Version 15.1 f6-s7
Juniper Junos	Version 15.1 f6
Juniper Junos	Version 15.1 f7
Juniper Junos	Version 15.1 f
Juniper Junos	Version 15.1 r1
Juniper Junos	Version 15.1 r2
Juniper Junos	Version 15.1 r3
Juniper Junos	Version 15.1 r4-s7
Juniper Junos	Version 15.1 r4-s8
Juniper Junos	Version 15.1 r4-s9
Juniper Junos	Version 15.1 r4
Juniper Junos	Version 15.1 r5-s1
Juniper Junos	Version 15.1 r5-s5
Juniper Junos	Version 15.1 r5-s6
Juniper Junos	Version 15.1 r5
Juniper Junos	Version 15.1 r6-s1
Juniper Junos	Version 15.1 r6-s2
Juniper Junos	Version 15.1 r6-s6
Juniper Junos	Version 15.1 r6
Juniper Junos	Version 15.1 r7-s1
Juniper Junos	Version 15.1 r7-s2
Juniper Junos	Version 15.1 r7-s3
Juniper Junos	Version 15.1 r7
Juniper Junos	Version 15.1x53
Juniper Junos	Version 15.1x53 d10
Juniper Junos	Version 15.1x53 d20
Juniper Junos	Version 15.1x53 d210
Juniper Junos	Version 15.1x53 d21
Juniper Junos	Version 15.1x53 d230
Juniper Junos	Version 15.1x53 d231
Juniper Junos	Version 15.1x53 d232
Juniper Junos	Version 15.1x53 d233
Juniper Junos	Version 15.1x53 d234
Juniper Junos	Version 15.1x53 d235
Juniper Junos	Version 15.1x53 d236
Juniper Junos	Version 15.1x53 d237
Juniper Junos	Version 15.1x53 d25
Juniper Junos	Version 15.1x53 d30
Juniper Junos	Version 15.1x53 d31
Juniper Junos	Version 15.1x53 d32
Juniper Junos	Version 15.1x53 d33
Juniper Junos	Version 15.1x53 d34
Juniper Junos	Version 15.1x53 d40
Juniper Junos	Version 15.1x53 d45
Juniper Junos	Version 15.1x53 d470
Juniper Junos	Version 15.1x53 d47
Juniper Junos	Version 15.1x53 d48
Juniper Junos	Version 15.1x53 d495
Juniper Junos	Version 15.1x53 d50
Juniper Junos	Version 15.1x53 d51
Juniper Junos	Version 15.1x53 d52
Juniper Junos	Version 15.1x53 d55
Juniper Junos	Version 15.1x53 d56
Juniper Junos	Version 15.1x53 d57
Juniper Junos	Version 15.1x53 d58
Juniper Junos	Version 15.1x53 d590
Juniper Junos	Version 15.1x53 d591
Juniper Junos	Version 15.1x53 d592
Juniper Junos	Version 15.1x53 d59
Juniper Junos	Version 15.1x53 d60
Juniper Junos	Version 15.1x53 d61
Juniper Junos	Version 15.1x53 d62
Juniper Junos	Version 15.1x53 d63
Juniper Junos	Version 15.1x53 d64
Juniper Junos	Version 15.1x53 d65
Juniper Junos	Version 15.1x53 d66
Juniper Junos	Version 15.1x53 d67
Juniper Junos	Version 15.1x53 d68
Juniper Junos	Version 15.1x53 d69
Juniper Junos	Version 15.1x53 d70
Juniper Junos	Version 16.1
Juniper Junos	Version 16.1 r1
Juniper Junos	Version 16.1 r2
Juniper Junos	Version 16.1 r3-s10
Juniper Junos	Version 16.1 r3-s11
Juniper Junos	Version 16.1 r3
Juniper Junos	Version 16.1 r4-s12
Juniper Junos	Version 16.1 r4-s2
Juniper Junos	Version 16.1 r4-s3
Juniper Junos	Version 16.1 r4-s4
Juniper Junos	Version 16.1 r4-s6
Juniper Junos	Version 16.1 r4
Juniper Junos	Version 16.1 r5-s4
Juniper Junos	Version 16.1 r5
Juniper Junos	Version 16.1 r6-s1
Juniper Junos	Version 16.1 r6-s6
Juniper Junos	Version 16.1 r7-s2
Juniper Junos	Version 16.1 r7-s3
Juniper Junos	Version 16.1 r7
Juniper Junos	Version 17.1
Juniper Junos	Version 17.1 r1
Juniper Junos	Version 17.1 r2-s10
Juniper Junos	Version 17.1 r2-s1
Juniper Junos	Version 17.1 r2-s2
Juniper Junos	Version 17.1 r2-s3
Juniper Junos	Version 17.1 r2-s4
Juniper Junos	Version 17.1 r2-s5
Juniper Junos	Version 17.1 r2-s6
Juniper Junos	Version 17.1 r2-s7
Juniper Junos	Version 17.1 r2-s8
Juniper Junos	Version 17.1 r2-s9
Juniper Junos	Version 17.1 r2
Juniper Junos	Version 17.1 r3
Juniper Junos	Version 17.2
Juniper Junos	Version 17.2 r1-s1
Juniper Junos	Version 17.2 r1-s2
Juniper Junos	Version 17.2 r1-s3
Juniper Junos	Version 17.2 r1-s4
Juniper Junos	Version 17.2 r1-s5
Juniper Junos	Version 17.2 r1-s7
Juniper Junos	Version 17.2 r1-s8
Juniper Junos	Version 17.2 r1
Juniper Junos	Version 17.2 r2-s6
Juniper Junos	Version 17.2 r2-s7
Juniper Junos	Version 17.2 r2
Juniper Junos	Version 17.2 r3-s1
Juniper Junos	Version 17.2 r3-s2
Juniper Junos	Version 17.3
Juniper Junos	Version 17.3 r1-s1
Juniper Junos	Version 17.3 r2-s1
Juniper Junos	Version 17.3 r2-s2
Juniper Junos	Version 17.3 r2-s3
Juniper Junos	Version 17.3 r2-s4
Juniper Junos	Version 17.3 r2
Juniper Junos	Version 17.3 r3-s1
Juniper Junos	Version 17.3 r3-s2
Juniper Junos	Version 17.3 r3-s3
Juniper Junos	Version 17.3 r3-s4
Juniper Junos	Version 17.3 r3-s5
Juniper Junos	Version 17.3 r3
Juniper Junos	Version 17.4
Juniper Junos	Version 17.4 r1-s1
Juniper Junos	Version 17.4 r1-s2
Juniper Junos	Version 17.4 r1-s4
Juniper Junos	Version 17.4 r1-s5
Juniper Junos	Version 17.4 r1-s6
Juniper Junos	Version 17.4 r1-s7
Juniper Junos	Version 17.4 r1
Juniper Junos	Version 17.4 r2-s1
Juniper Junos	Version 17.4 r2-s2
Juniper Junos	Version 17.4 r2-s3
Juniper Junos	Version 17.4 r2-s4
Juniper Junos	Version 17.4 r2-s5
Juniper Junos	Version 17.4 r2-s6
Juniper Junos	Version 17.4 r2-s7
Juniper Junos	Version 17.4 r2-s8
Juniper Junos	Version 17.4 r2
Juniper Junos	Version 18.1
Juniper Junos	Version 18.1 r2-s1
Juniper Junos	Version 18.1 r2-s2
Juniper Junos	Version 18.1 r2-s4
Juniper Junos	Version 18.1 r2
Juniper Junos	Version 18.1 r3-s1
Juniper Junos	Version 18.1 r3-s2
Juniper Junos	Version 18.1 r3-s3
Juniper Junos	Version 18.1 r3-s4
Juniper Junos	Version 18.1 r3-s6
Juniper Junos	Version 18.1 r3-s7
Juniper Junos	Version 18.1 r3
Juniper Junos	Version 18.2
Juniper Junos	Version 18.3
Juniper Junos	Version 18.3 r1-s1
Juniper Junos	Version 18.3 r1-s2
Juniper Junos	Version 18.3 r1-s3
Juniper Junos	Version 18.3 r1-s4
Juniper Junos	Version 18.3 r1-s5
Juniper Junos	Version 18.3 r1-s6
Juniper Junos	Version 18.3 r1

Running on/with	Platform Versions
Juniper Ex2300	All versions
Juniper Ex2300 C	All versions
Juniper Ex3400	All versions
Juniper Ex4300	All versions
Juniper Ex4600	All versions
Juniper Ex4650	All versions
Juniper Qfx10002	All versions
Juniper Qfx10008	All versions
Juniper Qfx10016	All versions
Juniper Qfx5100	All versions
Juniper Qfx5110	All versions
Juniper Qfx5120	All versions
Juniper Qfx5200	All versions
Juniper Qfx5210	All versions
Juniper Qfx5220	All versions

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

CWE-288

Authentication Bypass Using an Alternate Path or Channel

A product requires authentication, but the product has an alternate path or channel that does not require authentication.

References (2)

https://kb.juniper.net/JSA11001

Source: sirt@juniper.net

Vendor Advisory

https://kb.juniper.net/JSA11001

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.