CVE-2018-0044

Name of the Vulnerable Software and Affected Versions Juniper Networks Junos OS versions prior to 18.1R4 on NFX Series

Description The issue is related to an insecure SSHD configuration in Juniper Device Manager (JDM) and the host OS on Juniper NFX Series devices, which may allow remote unauthenticated access if any system passwords are empty. This is due to the PermitEmptyPasswords option being set to "yes". The vulnerability can be exploited by a remote attacker to gain full access to the device.

Recommendations For Juniper Networks Junos OS versions prior to 18.1R4 on NFX Series, update to version 18.1R4 or later to resolve the issue. As a temporary workaround, consider setting the PermitEmptyPasswords option to "no" to prevent remote unauthenticated access.