PT-2018-8580 · Juniper Networks · Junos
Published: 2018-07-11 · Updated: 2019-10-09 · CVE-2018-0035
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Junos OS versions 15.1X53-D21 through 15.1X53-D60
Description:
The issue allows a superuser to reboot to an unintended additional Open Network Install Environment (ONIE) partition, which wipes out the content of the Junos partition and its configuration. After rebooting, the ONIE partition does not have a root password configured, allowing any user to access the console or SSH as root without a password using an IP address acquired from DHCP.
Recommendations:
For Junos OS versions 15.1X53-D21 through 15.1X53-D60, the issue will persist even after upgrading to a higher release via the CLI. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Affected Products
Junos