PT-2019-2076 · Juniper Networks · Junos

Published: 2019-04-10 · Updated: 2023-04-28 · CVE-2019-0035

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Juniper Networks Junos OS versions 15.1 through 15.1F6-S12, 15.1R7-S3
Juniper Networks Junos OS versions 15.1X49 through 15.1X49-D160
Juniper Networks Junos OS versions 15.1X53 through 15.1X53-D236, 15.1X53-D496, 15.1X53-D68
Juniper Networks Junos OS versions 16.1 through 16.1R3-S10, 16.1R6-S6, 16.1R7-S3
Juniper Networks Junos OS versions 16.1X65 through 16.1X65-D49
Juniper Networks Junos OS versions 16.2 through 16.2R2-S8
Juniper Networks Junos OS versions 17.1 through 17.1R2-S10, 17.1R3
Juniper Networks Junos OS versions 17.2 through 17.2R1-S8, 17.2R3-S1
Juniper Networks Junos OS versions 17.3 through 17.3R3-S3
Juniper Networks Junos OS versions 17.4 through 17.4R1-S6, 17.4R2-S2
Juniper Networks Junos OS versions 18.1 through 18.1R2-S4, 18.1R3-S3
Juniper Networks Junos OS versions 18.2 through 18.2R2
Juniper Networks Junos OS versions 18.2X75 through 18.2X75-D40
Juniper Networks Junos OS versions 18.3 through 18.3R1-S2

Description

The issue is related to errors in managing registration data in the Junos operating system. When "set system ports console insecure" is enabled, root login is disallowed as expected. However, the root password can be changed using "set system root-authentication plain-text-password" on systems booted from an OAM volume, leading to a possible administrative bypass with physical access to the console.

Recommendations

For Juniper Networks Junos OS versions 15.1 through 15.1F6-S12, 15.1R7-S3, update to version 15.1F6-S12 or 15.1R7-S3 or later.
For Juniper Networks Junos OS versions 15.1X49 through 15.1X49-D160, update to version 15.1X49-D160 or later.
For Juniper Networks Junos OS versions 15.1X53 through 15.1X53-D236, 15.1X53-D496, 15.1X53-D68, update to version 15.1X53-D236, 15.1X53-D496, or 15.1X53-D68 or later.
For Juniper Networks Junos OS versions 16.1 through 16.1R3-S10, 16.1R6-S6, 16.1R7-S3, update to version 16.1R3-S10, 16.1R6-S6, or 16.1R7-S3 or later.
For Juniper Networks Junos OS versions 16.1X65 through 16.1X65-D49, update to version 16.1X65-D49 or later.
For Juniper Networks Junos OS versions 16.2 through 16.2R2-S8, update to version 16.2R2-S8 or later.
For Juniper Networks Junos OS versions 17.1 through 17.1R2-S10, 17.1R3, update to version 17.1R2-S10 or 17.1R3 or later.
For Juniper Networks Junos OS versions 17.2 through 17.2R1-S8, 17.2R3-S1, update to version 17.2R1-S8 or 17.2R3-S1 or later.
For Juniper Networks Junos OS versions 17.3 through 17.3R3-S3, update to version 17.3R3-S3 or later.
For Juniper Networks Junos OS versions 17.4 through 17.4R1-S6, 17.4R2-S2, update to version 17.4R1-S6 or 17.4R2-S2 or later.
For Juniper Networks Junos OS versions 18.1 through 18.1R2-S4, 18.1R3-S3, update to version 18.1R2-S4 or 18.1R3-S3 or later.
For Juniper Networks Junos OS versions 18.2 through 18.2R2, update to version 18.2R2 or later.
For Juniper Networks Junos OS versions 18.2X75 through 18.2X75-D40, update to version 18.2X75-D40 or later.
For Juniper Networks Junos OS versions 18.3 through 18.3R1-S2, update to version 18.3R1-S2 or later.

Fix

Weakness Enumeration

Insufficiently Protected Credentials

Related Identifiers

BDU:2019-01824
CVE-2019-0035

Affected Products

Junos