PT-2020-4096 · Juniper Networks · Nfx250 Network Services Platform

Published: 2020-04-08 · Updated: 2020-07-29 · CVE-2020-1614
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Juniper Networks NFX250 Network Services Platform vSRX VNF instance versions prior to 19.2R1
Description: A Use of Hard-coded Credentials issue exists in the NFX250 Series for the vSRX Virtual Network Function (VNF) instance. This allows an attacker to take control of the vSRX VNF instance if they have access to an administrative service, such as SSH, on the VNF, either locally or through the network. The issue only affects environments where the vSRX VNF root password has not been configured.
Recommendations: For versions prior to 19.2R1, update to version 19.2R1 or later to resolve the issue. As a temporary workaround, consider configuring the vSRX VNF root password to prevent exploitation. Restrict access to administrative services, such as SSH, to minimize the risk of unauthorized access.

Fix

Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers

BDU:2020-04496
CVE-2020-1614

Affected Products

Nfx250 Network Services Platform