PT-2021-12974 · Juniper Networks · Junos
Published
2021-04-22
·
Updated
2022-09-20
·
CVE-2021-0266
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Juniper Networks Junos OS on cSRX Series versions prior to 20.2R3
Juniper Networks Junos OS on cSRX Series version 20.3 prior to 20.3R2
Juniper Networks Junos OS on cSRX Series version 20.4 prior to 20.4R2
Description:
The issue in Juniper Networks Junos OS on cSRX Series allows an attacker to take control of any instance of a cSRX deployment through device management services due to the use of multiple hard-coded cryptographic keys.
Recommendations:
For versions prior to 20.2R3, update to version 20.2R3 or later.
For version 20.3 prior to 20.3R2, update to version 20.3R2 or later.
For version 20.4 prior to 20.4R2, update to version 20.4R2 or later.
Fix
Using Hardcoded Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Junos