CVE-2018-0044

EPSS 0.42%
Published 10.10.2018 18:29:00
Last modified 21.11.2024 03:37:25
Source sirt@juniper.net
Teams watchlist Login
Open Login

An insecure SSHD configuration in Juniper Device Manager (JDM) and host OS on Juniper NFX Series devices may allow remote unauthenticated access if any of the passwords on the system are empty. The affected SSHD configuration has the PermitEmptyPasswords option set to "yes". Affected releases are Juniper Networks Junos OS: 18.1 versions prior to 18.1R4 on NFX Series.

Affected products Warnungen 0 Metrics 4 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Juniper ≫ Junos Version >= 18.1r1 <= 18.1r3

Juniper ≫ Nfx150 Version-

Juniper ≫ Junos Version >= 18.1r1 <= 18.1r3

Juniper ≫ Nfx250 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.42%	0.591

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.1	2.2	5.9	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P
sirt@juniper.net	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://www.securityfocus.com/bid/105565

Third Party Advisory

VDB Entry

https://kb.juniper.net/JSA10878

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-0044

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-0044

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-0044

EUVD