CVE-2020-1614

Description

A Use of Hard-coded Credentials vulnerability exists in the NFX250 Series for the vSRX Virtual Network Function (VNF) instance, which allows an attacker to take control of the vSRX VNF instance if they have the ability to access an administrative service (e.g. SSH) on the VNF, either locally, or through the network. This issue only affects the NFX250 Series vSRX VNF. No other products or platforms are affected. This issue is only applicable to environments where the vSRX VNF root password has not been configured. This issue affects the Juniper Networks NFX250 Network Services Platform vSRX VNF instance on versions prior to 19.2R1.

Related CPE's

o juniper junos 19.2 r1-s1 ******

o juniper junos 19.2 r1-s2 ******

o juniper junos 19.2 r1-s3 ******

o juniper junos 19.2 r1-s4 ******

o juniper junos ********

h juniper nfx250 -*******

References

https://www.juniper.net/documentation/en_US/release-independent/junos/topics/task/configuration/nfx250-configure-vsrx-internal-ip.html

Vendor Advisory

https://kb.juniper.net/JSA10997

Vendor Advisory

CvssV3 impact

Version	3.1
VectorString	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AttackVector	NETWORK
AttackComplexity	LOW
PrivilegesRequired	NONE
UserInteraction	NONE
Scope	CHANGED
ConfidentialityImpact	HIGH
IntegrityImpact	HIGH
AvailabilityImpact	HIGH
BaseScore	10
BaseSeverity	CRITICAL

CvssV2 impact

Version	2.0
VectorString	AV:N/AC:M/Au:N/C:C/I:C/A:C
AccessVector	NETWORK
AccessComplexity	MEDIUM
Authentication	NONE
ConfidentialityImpact	COMPLETE
IntegrityImpact	COMPLETE
AvailabilityImpact	COMPLETE
BaseScore	9.300000190734863

Created by Yello

About Severity.io