CVE-2020-1618
08.04.2020, 20:15
On Juniper Networks EX and QFX Series, an authentication bypass vulnerability may allow a user connected to the console port to login as root without any password. This issue might only occur in certain scenarios: At the first reboot after performing device factory reset using the command request system zeroize; or A temporary moment during the first reboot after the software upgrade when the device configured in Virtual Chassis mode. This issue affects Juniper Networks Junos OS on EX and QFX Series: 14.1X53 versions prior to 14.1X53-D53; 15.1 versions prior to 15.1R7-S4; 15.1X53 versions prior to 15.1X53-D593; 16.1 versions prior to 16.1R7-S4; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R3-S3; 17.3 versions prior to 17.3R2-S5, 17.3R3-S6; 17.4 versions prior to 17.4R2-S9, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R2; 18.3 versions prior to 18.3R1-S7, 18.3R2. This issue does not affect Juniper Networks Junos OS 12.3.Enginsight
| Vendor | Product | Version |
|---|---|---|
| juniper | junos | 14.1x53:x53 |
| juniper | junos | 14.1x53:x53 |
| juniper | junos | 14.1x53:x53 |
| juniper | junos | 14.1x53:x53 |
| juniper | junos | 14.1x53:x53 |
| juniper | junos | 14.1x53:x53 |
| juniper | junos | 14.1x53:x53 |
| juniper | junos | 14.1x53:x53 |
| juniper | junos | 14.1x53:x53 |
| juniper | junos | 14.1x53:x53 |
| juniper | junos | 14.1x53:x53 |
| juniper | junos | 14.1x53:x53 |
| juniper | junos | 14.1x53:x53 |
| juniper | junos | 14.1x53:x53 |
| juniper | junos | 14.1x53:x53 |
| juniper | junos | 14.1x53:x53 |
| juniper | junos | 14.1x53:x53 |
| juniper | junos | 14.1x53:x53 |
| juniper | junos | 15.1 |
| juniper | junos | 15.1:a1 |
| juniper | junos | 15.1:f |
| juniper | junos | 15.1:f1 |
| juniper | junos | 15.1:f2 |
| juniper | junos | 15.1:f2-s1 |
| juniper | junos | 15.1:f2-s2 |
| juniper | junos | 15.1:f2-s3 |
| juniper | junos | 15.1:f2-s4 |
| juniper | junos | 15.1:f3 |
| juniper | junos | 15.1:f4 |
| juniper | junos | 15.1:f5 |
| juniper | junos | 15.1:f5-s7 |
| juniper | junos | 15.1:f6 |
| juniper | junos | 15.1:f6-s1 |
| juniper | junos | 15.1:f6-s12 |
| juniper | junos | 15.1:f6-s2 |
| juniper | junos | 15.1:f6-s3 |
| juniper | junos | 15.1:f6-s4 |
| juniper | junos | 15.1:f6-s7 |
| juniper | junos | 15.1:f7 |
| juniper | junos | 15.1:r1 |
| juniper | junos | 15.1:r2 |
| juniper | junos | 15.1:r3 |
| juniper | junos | 15.1:r4 |
| juniper | junos | 15.1:r4-s7 |
| juniper | junos | 15.1:r4-s8 |
| juniper | junos | 15.1:r4-s9 |
| juniper | junos | 15.1:r5 |
| juniper | junos | 15.1:r5-s1 |
| juniper | junos | 15.1:r5-s5 |
| juniper | junos | 15.1:r5-s6 |
| juniper | junos | 15.1:r6 |
| juniper | junos | 15.1:r6-s1 |
| juniper | junos | 15.1:r6-s2 |
| juniper | junos | 15.1:r6-s6 |
| juniper | junos | 15.1:r7 |
| juniper | junos | 15.1:r7-s1 |
| juniper | junos | 15.1:r7-s2 |
| juniper | junos | 15.1:r7-s3 |
| juniper | junos | 15.1x53:x53 |
| juniper | junos | 15.1x53:x53 |
| juniper | junos | 15.1x53:x53 |
| juniper | junos | 15.1x53:x53 |
| juniper | junos | 15.1x53:x53 |
| juniper | junos | 15.1x53:x53 |
| juniper | junos | 15.1x53:x53 |
| juniper | junos | 15.1x53:x53 |
| juniper | junos | 15.1x53:x53 |
| juniper | junos | 15.1x53:x53 |
| juniper | junos | 15.1x53:x53 |
| juniper | junos | 15.1x53:x53 |
| juniper | junos | 15.1x53:x53 |
| juniper | junos | 15.1x53:x53 |
| juniper | junos | 15.1x53:x53 |
| juniper | junos | 15.1x53:x53 |
| juniper | junos | 15.1x53:x53 |
| juniper | junos | 15.1x53:x53 |
| juniper | junos | 15.1x53:x53 |
| juniper | junos | 15.1x53:x53 |
| juniper | junos | 15.1x53:x53 |
| juniper | junos | 15.1x53:x53 |
| juniper | junos | 15.1x53:x53 |
| juniper | junos | 15.1x53:x53 |
| juniper | junos | 15.1x53:x53 |
| juniper | junos | 15.1x53:x53 |
| juniper | junos | 15.1x53:x53 |
| juniper | junos | 15.1x53:x53 |
| juniper | junos | 15.1x53:x53 |
| juniper | junos | 15.1x53:x53 |
| juniper | junos | 15.1x53:x53 |
| juniper | junos | 15.1x53:x53 |
| juniper | junos | 15.1x53:x53 |
| juniper | junos | 15.1x53:x53 |
| juniper | junos | 15.1x53:x53 |
| juniper | junos | 15.1x53:x53 |
| juniper | junos | 15.1x53:x53 |
| juniper | junos | 15.1x53:x53 |
| juniper | junos | 15.1x53:x53 |
| juniper | junos | 15.1x53:x53 |
| juniper | junos | 15.1x53:x53 |
| juniper | junos | 15.1x53:x53 |
| juniper | junos | 15.1x53:x53 |
| juniper | junos | 15.1x53:x53 |
| juniper | junos | 15.1x53:x53 |
| juniper | junos | 15.1x53:x53 |
| juniper | junos | 15.1x53:x53 |
| juniper | junos | 16.1 |
| juniper | junos | 16.1:r1 |
| juniper | junos | 16.1:r2 |
| juniper | junos | 16.1:r3 |
| juniper | junos | 16.1:r3-s10 |
| juniper | junos | 16.1:r3-s11 |
| juniper | junos | 16.1:r4 |
| juniper | junos | 16.1:r4-s12 |
| juniper | junos | 16.1:r4-s2 |
| juniper | junos | 16.1:r4-s3 |
| juniper | junos | 16.1:r4-s4 |
| juniper | junos | 16.1:r4-s6 |
| juniper | junos | 16.1:r5 |
| juniper | junos | 16.1:r5-s4 |
| juniper | junos | 16.1:r6-s1 |
| juniper | junos | 16.1:r6-s6 |
| juniper | junos | 16.1:r7 |
| juniper | junos | 16.1:r7-s2 |
| juniper | junos | 16.1:r7-s3 |
| juniper | junos | 17.1 |
| juniper | junos | 17.1:r1 |
| juniper | junos | 17.1:r2 |
| juniper | junos | 17.1:r2-s1 |
| juniper | junos | 17.1:r2-s10 |
| juniper | junos | 17.1:r2-s2 |
| juniper | junos | 17.1:r2-s3 |
| juniper | junos | 17.1:r2-s4 |
| juniper | junos | 17.1:r2-s5 |
| juniper | junos | 17.1:r2-s6 |
| juniper | junos | 17.1:r2-s7 |
| juniper | junos | 17.1:r2-s8 |
| juniper | junos | 17.1:r2-s9 |
| juniper | junos | 17.1:r3 |
| juniper | junos | 17.2 |
| juniper | junos | 17.2:r1 |
| juniper | junos | 17.2:r1-s1 |
| juniper | junos | 17.2:r1-s2 |
| juniper | junos | 17.2:r1-s3 |
| juniper | junos | 17.2:r1-s4 |
| juniper | junos | 17.2:r1-s5 |
| juniper | junos | 17.2:r1-s7 |
| juniper | junos | 17.2:r1-s8 |
| juniper | junos | 17.2:r2 |
| juniper | junos | 17.2:r2-s6 |
| juniper | junos | 17.2:r2-s7 |
| juniper | junos | 17.2:r3-s1 |
| juniper | junos | 17.2:r3-s2 |
| juniper | junos | 17.3 |
| juniper | junos | 17.3:r1-s1 |
| juniper | junos | 17.3:r2 |
| juniper | junos | 17.3:r2-s1 |
| juniper | junos | 17.3:r2-s2 |
| juniper | junos | 17.3:r2-s3 |
| juniper | junos | 17.3:r2-s4 |
| juniper | junos | 17.3:r3 |
| juniper | junos | 17.3:r3-s1 |
| juniper | junos | 17.3:r3-s2 |
| juniper | junos | 17.3:r3-s3 |
| juniper | junos | 17.3:r3-s4 |
| juniper | junos | 17.3:r3-s5 |
| juniper | junos | 17.4 |
| juniper | junos | 17.4:r1 |
| juniper | junos | 17.4:r1-s1 |
| juniper | junos | 17.4:r1-s2 |
| juniper | junos | 17.4:r1-s4 |
| juniper | junos | 17.4:r1-s5 |
| juniper | junos | 17.4:r1-s6 |
| juniper | junos | 17.4:r1-s7 |
| juniper | junos | 17.4:r2 |
| juniper | junos | 17.4:r2-s1 |
| juniper | junos | 17.4:r2-s2 |
| juniper | junos | 17.4:r2-s3 |
| juniper | junos | 17.4:r2-s4 |
| juniper | junos | 17.4:r2-s5 |
| juniper | junos | 17.4:r2-s6 |
| juniper | junos | 17.4:r2-s7 |
| juniper | junos | 17.4:r2-s8 |
| juniper | junos | 18.1 |
| juniper | junos | 18.1:r2 |
| juniper | junos | 18.1:r2-s1 |
| juniper | junos | 18.1:r2-s2 |
| juniper | junos | 18.1:r2-s4 |
| juniper | junos | 18.1:r3 |
| juniper | junos | 18.1:r3-s1 |
| juniper | junos | 18.1:r3-s2 |
| juniper | junos | 18.1:r3-s3 |
| juniper | junos | 18.1:r3-s4 |
| juniper | junos | 18.1:r3-s6 |
| juniper | junos | 18.1:r3-s7 |
| juniper | junos | 18.2 |
| juniper | junos | 18.3 |
| juniper | junos | 18.3:r1 |
| juniper | junos | 18.3:r1-s1 |
| juniper | junos | 18.3:r1-s2 |
| juniper | junos | 18.3:r1-s3 |
| juniper | junos | 18.3:r1-s4 |
| juniper | junos | 18.3:r1-s5 |
| juniper | junos | 18.3:r1-s6 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-288 - Authentication Bypass Using an Alternate Path or ChannelA product requires authentication, but the product has an alternate path or channel that does not require authentication.
- CWE-287 - Improper AuthenticationWhen an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.