PT-2017-11401 · Juniper Networks · Junos
Publicado
2017-07-14
·
Atualizado
2019-10-09
·
CVE-2017-10604
CVSS v3.1
5.3
Média
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Junos OS versions prior to 12.1X46-D65 on SRX series
Junos OS versions prior to 12.3X48-D45 on SRX series
Junos OS versions prior to 15.1X49-D75 on SRX series
Description
The issue occurs when a device is configured for account lockout with a defined time period. An unauthenticated user attempting to log in as root with an incorrect password can trigger a lockout of the root account. This can cause errors during cluster sync or failover operations on SRX Series devices in cluster mode. Administrators can verify the lockout status of the root account using the command
show system login lockout user root.Recommendations
For Junos OS versions prior to 12.1X46-D65 on SRX series, update to version 12.1X46-D65 or later.
For Junos OS versions prior to 12.3X48-D45 on SRX series, update to version 12.3X48-D45 or later.
For Junos OS versions prior to 15.1X49-D75 on SRX series, update to version 15.1X49-D75 or later.
Correção
Improper Restriction of Excessive Authentication Attempts
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Junos