CVE-2020-1618
On Juniper Networks EX and QFX Series, an authentication bypass vulnerability may allow a user connected to the console port to login as root without any password. This issue might only occur in certain scenarios: • At the first reboot after performing device factory reset using the command “request system zeroize”; or • A temporary moment during the first reboot after the software upgrade when the device configured in Virtual Chassis mode. This issue affects Juniper Networks Junos OS on EX and QFX Series: 14.1X53 versions prior to 14.1X53-D53; 15.1 versions prior to 15.1R7-S4; 15.1X53 versions prior to 15.1X53-D593; 16.1 versions prior to 16.1R7-S4; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R3-S3; 17.3 versions prior to 17.3R2-S5, 17.3R3-S6; 17.4 versions prior to 17.4R2-S9, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R2; 18.3 versions prior to 18.3R1-S7, 18.3R2. This issue does not affect Juniper Networks Junos OS 12.3.
EPSS 0.04% · 12.4th percentile
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| juniper | junos | 14.1x53, 14.1x53, 14.1x53 |
| Juniper Networks | Junos OS | 12.3, 15.1, 15.1X53 |
Exploit Intelligence
- shoucheng3/x-stream__xstream_CVE-2013-7285_1-4-6 (github-poc)
- shoucheng3/x-stream__xstream_CVE-2013-7285_1-4-6 (github-poc)
- shoucheng3/x-stream__xstream_CVE-2013-7285_1-4-6 (github-poc)
- shoucheng3/x-stream__xstream_CVE-2013-7285_1-4-6 (github-poc)
- https://kb.juniper.net/JSA11001 (circl)
Timeline
- Apr 8, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
References
- https://kb.juniper.net/JSA11001 url
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11004&cat=SIRT_1&actp=LIST advisory
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10997&cat=SIRT_1&actp=LIST advisory
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11002&cat=SIRT_1&actp=LIST advisory
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10994&cat=SIRT_1&actp=LIST advisory
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11003&cat=SIRT_1&actp=LIST advisory
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10998&cat=SIRT_1&actp=LIST advisory
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11010&cat=SIRT_1&actp=LIST advisory
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11013&cat=SIRT_1&actp=LIST advisory
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11009&cat=SIRT_1&actp=LIST advisory
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11016&cat=SIRT_1&actp=LIST advisory
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10999&cat=SIRT_1&actp=LIST advisory
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11014&cat=SIRT_1&actp=LIST advisory
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11006&cat=SIRT_1&actp=LIST advisory
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11008&cat=SIRT_1&actp=LIST advisory
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11005&cat=SIRT_1&actp=LIST advisory
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11001&cat=SIRT_1&actp=LIST advisory
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10996&cat=SIRT_1&actp=LIST advisory
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11007&cat=SIRT_1&actp=LIST advisory
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11000&cat=SIRT_1&actp=LIST advisory
…and 1 more