CVE-2021-0248 CRITICAL

CVE-2021-0248: NFX Series: Hard-coded credentials allow an attacker to take control of any instance through administrative interfaces.

Vendor Juniper Networks
Product Junos OS
Weakness CWE-798 · Hardcoded credentials
Published April 22, 2021
Last update September 16, 2024

CVSS base score

10.0/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

This issue is not applicable to NFX NextGen Software. On NFX Series devices the use of Hard-coded Credentials in Juniper Networks Junos OS allows an attacker to take over any instance of an NFX deployment. This issue is only exploitable through administrative interfaces. This issue affects: Juniper Networks Junos OS versions prior to 19.1R1 on NFX Series. No other platforms besides NFX Series devices are affected.

Key dates

02Disclosure timeline

April 22, 2021 CVE published
September 16, 2024 Record updated