// For flags

CVE-2018-0044

NFX Series: Insecure sshd configuration in Juniper Device Manager (JDM) and host OS

Severity Score

8.1
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

An insecure SSHD configuration in Juniper Device Manager (JDM) and host OS on Juniper NFX Series devices may allow remote unauthenticated access if any of the passwords on the system are empty. The affected SSHD configuration has the PermitEmptyPasswords option set to "yes". Affected releases are Juniper Networks Junos OS: 18.1 versions prior to 18.1R4 on NFX Series.

Una configuración SSHD insegura en Juniper Device Manager (JDM) y el sistema operativo del host en dispositivos Juniper NFX Series podría permitir el acceso remoto no autenticado si cualquiera de las contraseñas en el sistema está vacía. La configuración SSHD afectada tiene la opción PermitEmptyPasswords establecida como "yes". Las versiones afectadas de Juniper Networks Junos OS son: versiones 18.1 anteriores a la 18.1R4 en NFX Series.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2017-11-16 CVE Reserved
  • 2018-10-10 CVE Published
  • 2024-03-02 EPSS Updated
  • 2024-09-16 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-287: Improper Authentication
CAPEC
References (2)
URL Tag Source
http://www.securityfocus.com/bid/105565 Third Party Advisory
URL Date SRC
URL Date SRC
URL Date SRC
https://kb.juniper.net/JSA10878 2019-10-09
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Juniper
Search vendor "Juniper"
 Junos
Search vendor "Juniper" for product "Junos"
 >= 18.1r1 <= 18.1r3
Search vendor "Juniper" for product "Junos" and version " >= 18.1r1 <= 18.1r3"
-
Affected
in Juniper
Search vendor "Juniper"
 Nfx150
Search vendor "Juniper" for product "Nfx150"
--
Safe
Juniper
Search vendor "Juniper"
 Junos
Search vendor "Juniper" for product "Junos"
 >= 18.1r1 <= 18.1r3
Search vendor "Juniper" for product "Junos" and version " >= 18.1r1 <= 18.1r3"
-
Affected
in Juniper
Search vendor "Juniper"
 Nfx250
Search vendor "Juniper" for product "Nfx250"
--
Safe