CVE-2020-1614 | A Use of Hard-coded Credentials vulnerability exists in the … | CVSS 10.0 CRITICAL

Description

A Use of Hard-coded Credentials vulnerability exists in the NFX250 Series for the vSRX Virtual Network Function (VNF) instance, which allows an attacker to take control of the vSRX VNF instance if they have the ability to access an administrative service (e.g. SSH) on the VNF, either locally, or through the network. This issue only affects the NFX250 Series vSRX VNF. No other products or platforms are affected. This issue is only applicable to environments where the vSRX VNF root password has not been configured. This issue affects the Juniper Networks NFX250 Network Services Platform vSRX VNF instance on versions prior to 19.2R1.

Metadata

CVE ID: CVE-2020-1614
State: PUBLISHED
Assigner: juniper
Reserved: 2019-11-04 00:00 UTC
Published: 2020-04-08 19:25 UTC
Last updated: 2024-09-16 22:02 UTC
Primary CWE: CWE-798
CWE-798 Use of Hard-coded Credentials
Vendor / Product: Juniper Networks / Juniper Networks NFX Series Network Services Platform
Sources: cve.org · NVD

Severity & Metrics

10.0 CRITICAL CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Affected products (1)

Vendor	Product	Platform	Versions
Juniper Networks	Juniper Networks NFX Series Network Services Platform	NFX250 Series	unspecified < 19.2R1

Weakness (CWE)

CWE	Source	Description
CWE-798	cna	CWE-798 Use of Hard-coded Credentials

CVSS scores (1)

Score	Severity	Version	Source	Vector
10.0	CRITICAL	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

References (2)