TROYANOSYVIRUS
Volver a CVEs

CVE-2020-1614

CRITICAL
10.0

Descripcion

A Use of Hard-coded Credentials vulnerability exists in the NFX250 Series for the vSRX Virtual Network Function (VNF) instance, which allows an attacker to take control of the vSRX VNF instance if they have the ability to access an administrative service (e.g. SSH) on the VNF, either locally, or through the network. This issue only affects the NFX250 Series vSRX VNF. No other products or platforms are affected. This issue is only applicable to environments where the vSRX VNF root password has not been configured. This issue affects the Juniper Networks NFX250 Network Services Platform vSRX VNF instance on versions prior to 19.2R1.

Detalles CVE

Puntuacion CVSS v3.110.0
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado4/8/2020
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0

Productos afectados

juniper:junosjuniper:nfx250

Debilidades (CWE)

CWE-798CWE-798

Referencias

https://kb.juniper.net/JSA10997(sirt@juniper.net)
https://www.juniper.net/documentation/en_US/release-independent/junos/topics/task/configuration/nfx250-configure-vsrx-internal-ip.html(sirt@juniper.net)
https://kb.juniper.net/JSA10997(af854a3a-2127-422b-91ae-364da2661108)
https://www.juniper.net/documentation/en_US/release-independent/junos/topics/task/configuration/nfx250-configure-vsrx-internal-ip.html(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.