CVE-2023-28978

Name of the Vulnerable Software and Affected Versions Juniper Networks Junos OS Evolved versions prior to 20.4R3-S7-EVO Juniper Networks Junos OS Evolved version 21.1-EVO versions prior to 21.1R3-S4-EVO Juniper Networks Junos OS Evolved version 21.2-EVO versions prior to 21.2R3-S5-EVO Juniper Networks Junos OS Evolved version 21.4-EVO versions prior to 21.4R3-S1-EVO Juniper Networks Junos OS Evolved version 22.2-EVO versions prior to 22.2R3-EVO Juniper Networks Junos OS Evolved version 22.2-EVO versions prior to 22.2R2-S1-EVO

Description An Insecure Default Initialization of Resource issue allows an unauthenticated, network-based attacker to read certain confidential information. In the default configuration, it is possible to read confidential information about locally configured administrative users of the affected system.

Recommendations For versions prior to 20.4R3-S7-EVO, update to version 20.4R3-S7-EVO or later. For version 21.1-EVO, update to version 21.1R3-S4-EVO or later. For version 21.2-EVO, update to version 21.2R3-S5-EVO or later. For version 21.4-EVO, update to version 21.4R3-S1-EVO or later. For version 22.2-EVO, update to version 22.2R3-EVO or later. For version 22.2-EVO, update to version 22.2R2-S1-EVO or later.