CVE-2021-0248

EPSS 0.42%
Veröffentlicht 22.04.2021 20:15:09
Zuletzt bearbeitet 21.11.2024 05:42:18
Quelle sirt@juniper.net
CVE-Watchlists
Login
Unerledigt
Login

NFX Series: Hard-coded credentials allow an attacker to take control of any instance through administrative interfaces.

This issue is not applicable to NFX NextGen Software. On NFX Series devices the use of Hard-coded Credentials in Juniper Networks Junos OS allows an attacker to take over any instance of an NFX deployment. This issue is only exploitable through administrative interfaces. This issue affects: Juniper Networks Junos OS versions prior to 19.1R1 on NFX Series. No other platforms besides NFX Series devices are affected.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 2 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Juniper ≫ Junos Version < 19.1

   Juniper ≫ Nfx150 Version-
   Juniper ≫ Nfx250 Version-
   Juniper ≫ Nfx350 Version-

Juniper ≫ Junos Version19.1 Update-

   Juniper ≫ Nfx150 Version-
   Juniper ≫ Nfx250 Version-
   Juniper ≫ Nfx350 Version-

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.42%	0.612

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
sirt@juniper.net	10	3.9	6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://kb.juniper.net/JSA11141

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-0248

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-0248

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-0248

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2021-0248