Vulnerability Description
A Use of Hard-coded Credentials vulnerability exists in the NFX250 Series for the vSRX Virtual Network Function (VNF) instance, which allows an attacker to take control of the vSRX VNF instance if they have the ability to access an administrative service (e.g. SSH) on the VNF, either locally, or through the network. This issue only affects the NFX250 Series vSRX VNF. No other products or platforms are affected. This issue is only applicable to environments where the vSRX VNF root password has not been configured. This issue affects the Juniper Networks NFX250 Network Services Platform vSRX VNF instance on versions prior to 19.2R1.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Juniper | Junos | < 19.2 |
| Juniper | Nfx250 | - |
Related Weaknesses (CWE)
References
- https://kb.juniper.net/JSA10997Vendor Advisory
- https://www.juniper.net/documentation/en_US/release-independent/junos/topics/tasVendor Advisory
- https://kb.juniper.net/JSA10997Vendor Advisory
- https://www.juniper.net/documentation/en_US/release-independent/junos/topics/tasVendor Advisory
FAQ
What is CVE-2020-1614?
CVE-2020-1614 is a vulnerability with a CVSS score of 10.0 (CRITICAL). A Use of Hard-coded Credentials vulnerability exists in the NFX250 Series for the vSRX Virtual Network Function (VNF) instance, which allows an attacker to take control of the vSRX VNF instance if the...
How severe is CVE-2020-1614?
CVE-2020-1614 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-1614?
Check the references section above for vendor advisories and patch information. Affected products include: Juniper Junos, Juniper Nfx250.