9.1

CVE-2026-33771

CTP OS: Configuring password requirements does not work which permits the use of weak passwords

A Weak Password Requirements vulnerability in the password management function of Juniper Networks CTP OS might allow an unauthenticated, network-based attacker to exploit weak passwords of local accounts and potentially take full control of the device.

The password management menu enables the administrator to set password complexity requirements, but these settings are not saved. The issue can be verified with the menu option "Show password requirements". Failure to enforce the intended requirements can lead to weak passwords being used, which significantly increases the likelihood that an attacker can guess these and subsequently attain unauthorized access.



This issue affects CTP OS versions 9.2R1 and 9.2R2.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
JuniperCtop Os Version9.2 Updater1
JuniperCtop Os Version9.2 Updater2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.26% 0.178
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.1 2.2 5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
sirt@juniper.net 9.1 0 0
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:M/U:X
sirt@juniper.net 7.4 2.2 5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CWE-521 Weak Password Requirements

The product does not require that users should have strong passwords.