CVE-2023-28972

Name of the Vulnerable Software and Affected Versions Junos OS versions prior to 19.2R3-S7 Junos OS versions prior to 19.3R3-S8 Junos OS versions prior to 19.4R3-S12 Junos OS versions prior to 20.2R3-S8 Junos OS versions prior to 20.4R3-S7 Junos OS versions prior to 21.1R3-S5 Junos OS versions prior to 21.2R3-S4 Junos OS versions prior to 21.3R3-S3 Junos OS versions prior to 21.4R3-S2 Junos OS versions prior to 22.1R3-S1 Junos OS versions prior to 22.2R3 Junos OS versions prior to 22.3R2

Description An issue in console port access of Juniper Networks Junos OS on NFX Series allows an attacker to bypass console access controls. When "set system ports console insecure" is enabled, root login is disallowed as expected. However, the root password can be changed using "set system root-authentication plain-text-password" on NFX Series systems, leading to a possible administrative bypass with physical access to the console. This issue is related to improper link resolution before file access.

Recommendations For Junos OS versions prior to 19.2R3-S7, update to 19.2R3-S7 or later. For Junos OS versions prior to 19.3R3-S8, update to 19.3R3-S8 or later. For Junos OS versions prior to 19.4R3-S12, update to 19.4R3-S12 or later. For Junos OS versions prior to 20.2R3-S8, update to 20.2R3-S8 or later. For Junos OS versions prior to 20.4R3-S7, update to 20.4R3-S7 or later. For Junos OS versions prior to 21.1R3-S5, update to 21.1R3-S5 or later. For Junos OS versions prior to 21.2R3-S4, update to 21.2R3-S4 or later. For Junos OS versions prior to 21.3R3-S3, update to 21.3R3-S3 or later. For Junos OS versions prior to 21.4R3-S2, update to 21.4R3-S2 or later. For Junos OS versions prior to 22.1R3-S1, update to 22.1R3-S1 or later. For Junos OS versions prior to 22.2R3, update to 22.2R3 or later. For Junos OS versions prior to 22.3R2, update to 22.3R2 or later.