1. Home
  2. CVE Database
  3. CVE-2020-1618
MEDIUM · 6.3

CVE-2020-1618

On Juniper Networks EX and QFX Series, an authentication bypass vulnerability may allow a user connected to the console port to login as root without any password. This issue might only occur in certa...

Vulnerability Description

On Juniper Networks EX and QFX Series, an authentication bypass vulnerability may allow a user connected to the console port to login as root without any password. This issue might only occur in certain scenarios: • At the first reboot after performing device factory reset using the command “request system zeroize”; or • A temporary moment during the first reboot after the software upgrade when the device configured in Virtual Chassis mode. This issue affects Juniper Networks Junos OS on EX and QFX Series: 14.1X53 versions prior to 14.1X53-D53; 15.1 versions prior to 15.1R7-S4; 15.1X53 versions prior to 15.1X53-D593; 16.1 versions prior to 16.1R7-S4; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R3-S3; 17.3 versions prior to 17.3R2-S5, 17.3R3-S6; 17.4 versions prior to 17.4R2-S9, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R2; 18.3 versions prior to 18.3R1-S7, 18.3R2. This issue does not affect Juniper Networks Junos OS 12.3.

CVSS Score

6.3

MEDIUM

CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
PHYSICAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
JuniperJunos14.1x53
JuniperEx2300-
JuniperEx2300-C-
JuniperEx3400-
JuniperEx4300-
JuniperEx4600-
JuniperEx4650-
JuniperQfx10002-
JuniperQfx10008-
JuniperQfx10016-
JuniperQfx5100-
JuniperQfx5110-
JuniperQfx5120-
JuniperQfx5200-
JuniperQfx5210-
JuniperQfx5220-

Related Weaknesses (CWE)

CWE-287CWE-288

References

FAQ

What is CVE-2020-1618?

CVE-2020-1618 is a vulnerability with a CVSS score of 6.3 (MEDIUM). On Juniper Networks EX and QFX Series, an authentication bypass vulnerability may allow a user connected to the console port to login as root without any password. This issue might only occur in certa...

How severe is CVE-2020-1618?

CVE-2020-1618 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-1618?

Check the references section above for vendor advisories and patch information. Affected products include: Juniper Junos, Juniper Ex2300, Juniper Ex2300-C, Juniper Ex3400, Juniper Ex4300.