CVE Vulnerabilities

CVE-2018-0044

Improper Authentication

Published: Oct 10, 2018 | Modified: Oct 09, 2019
CVSS 3.x
8.1
HIGH
Source:
NVD
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
6.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

An insecure SSHD configuration in Juniper Device Manager (JDM) and host OS on Juniper NFX Series devices may allow remote unauthenticated access if any of the passwords on the system are empty. The affected SSHD configuration has the PermitEmptyPasswords option set to yes. Affected releases are Juniper Networks Junos OS: 18.1 versions prior to 18.1R4 on NFX Series.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Junos Juniper 18.1r1 (including) 18.1r3 (including)

Potential Mitigations

References