CVE-2020-1614 CRITICAL

CVE-2020-1614: NFX250 Series: Hardcoded credentials in the vSRX VNF instance.

Vendor Juniper Networks
Product Juniper Networks NFX Series Network Services Platform
Weakness CWE-798 · Hardcoded credentials
Published April 8, 2020
Last update September 16, 2024

CVSS base score

10.0/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

A Use of Hard-coded Credentials vulnerability exists in the NFX250 Series for the vSRX Virtual Network Function (VNF) instance, which allows an attacker to take control of the vSRX VNF instance if they have the ability to access an administrative service (e.g. SSH) on the VNF, either locally, or through the network. This issue only affects the NFX250 Series vSRX VNF. No other products or platforms are affected. This issue is only applicable to environments where the vSRX VNF root password has not been configured. This issue affects the Juniper Networks NFX250 Network Services Platform vSRX VNF instance on versions prior to 19.2R1.

Key dates

02Disclosure timeline

April 8, 2020 CVE published
September 16, 2024 Record updated

Related vulnerabilities

04Related CVE