PT-2018-1759 · Juniper Networks · Juniper Device Manager+1

Published

2018-10-10

Updated

2019-10-09

CVE-2018-0044

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Juniper Networks Junos OS versions prior to 18.1R4 on NFX Series

Description The issue is related to an insecure SSHD configuration in Juniper Device Manager (JDM) and the host OS on Juniper NFX Series devices, which may allow remote unauthenticated access if any system passwords are empty. This is due to the PermitEmptyPasswords option being set to "yes". The vulnerability can be exploited by a remote attacker to gain full access to the device.

Recommendations For Juniper Networks Junos OS versions prior to 18.1R4 on NFX Series, update to version 18.1R4 or later to resolve the issue. As a temporary workaround, consider setting the PermitEmptyPasswords option to "no" to prevent remote unauthenticated access.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287CWE-258

Related Identifiers

BDU:2018-01359

CVE-2018-0044

Affected Products

Juniper Device Manager

Junos

PT-2018-1759 · Juniper Networks · Juniper Device Manager+1

CVE-2018-0044

Weakness Enumeration

Related Identifiers

Affected Products

References · 7