CVE-2018-0044

EPSS 0.42%
Veröffentlicht 10.10.2018 18:29:00
Zuletzt bearbeitet 21.11.2024 03:37:25
Quelle sirt@juniper.net
Teams Watchlist Login
Unerledigt Login

An insecure SSHD configuration in Juniper Device Manager (JDM) and host OS on Juniper NFX Series devices may allow remote unauthenticated access if any of the passwords on the system are empty. The affected SSHD configuration has the PermitEmptyPasswords option set to "yes". Affected releases are Juniper Networks Junos OS: 18.1 versions prior to 18.1R4 on NFX Series.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Juniper ≫ Junos Version >= 18.1r1 <= 18.1r3

Juniper ≫ Nfx150 Version-

Juniper ≫ Junos Version >= 18.1r1 <= 18.1r3

Juniper ≫ Nfx250 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.42%	0.591

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.1	2.2	5.9	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P
sirt@juniper.net	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://www.securityfocus.com/bid/105565

Third Party Advisory

VDB Entry

https://kb.juniper.net/JSA10878

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-0044

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-0044

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-0044

EUVD