Security restrictions bypass in Juniper Junos OS - CVE-2018-0044

 


Published: October 10, 2018 / Updated: October 11, 2018


Vulnerability identifier: #VU15306
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-0044
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Juniper Networks, Inc.
Affected software:
Juniper Junos OS

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The vulnerability exists due to an insecure SSHD configuration in which the PermitEmptyPasswords option is set to "yes" in Juniper Device Manager (JDM) and the host OS on Juniper NFX Series devices. A remote attacker can bypass security restrictions to conduct further attacks.
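
One way to audit an sshd configuration for the setting described above, as an added example that is not part of the original advisory and is not Juniper's code. It assumes OpenSSH `sshd_config` syntax (the first value obtained for a keyword wins, `Match` blocks override the global section), does not follow `Include` directives, and runs on constructed sample configurations; the function and variable names are hypothetical.

```python
import re

# Constructed sample configurations (not taken from a Junos or NFX device).
WEAK = """\
# constructed sample
Port 22
PermitEmptyPasswords yes
PermitEmptyPasswords no
"""
MATCH_OVERRIDE = """\
PermitEmptyPasswords no
Match User backup
    permitemptypasswords=yes
"""
FIXED = "Port 22\nPermitEmptyPasswords no\n"


def audit_empty_passwords(config_text):
    """Return [(scope, line_no, value)] for each effective PermitEmptyPasswords.

    sshd keeps the first value it obtains for a keyword, so later duplicates in
    the same scope are ignored. Scope is "global" or the text of a Match line.
    """
    effective = {}  # scope -> (line_no, value)
    scope = "global"
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and argument are separated by whitespace or a single "=".
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        keyword = parts[0].lower()  # keywords are case-insensitive
        arg = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            scope = "Match " + arg
        elif keyword == "permitemptypasswords" and scope not in effective:
            tokens = arg.split()
            value = tokens[0].strip('"').lower() if tokens else ""
            effective[scope] = (line_no, value)
    return [(s, n, v) for s, (n, v) in effective.items()]


def is_vulnerable(config_text):
    """True if any scope ends up with PermitEmptyPasswords yes (default is no)."""
    return any(v == "yes" for _, _, v in audit_empty_passwords(config_text))


if __name__ == "__main__":
    for name, cfg in [("WEAK", WEAK), ("MATCH_OVERRIDE", MATCH_OVERRIDE), ("FIXED", FIXED)]:
        print(name, is_vulnerable(cfg), audit_empty_passwords(cfg))
```

The `WEAK` sample shows why appending a later `PermitEmptyPasswords no` does not correct the setting, and `MATCH_OVERRIDE` shows a safe global value being overridden for one user.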


How to mitigate CVE-2018-0044

Update to version 18.1R4.
