Vulnerability Description
This issue is not applicable to NFX NextGen Software. On NFX Series devices the use of Hard-coded Credentials in Juniper Networks Junos OS allows an attacker to take over any instance of an NFX deployment. This issue is only exploitable through administrative interfaces. This issue affects: Juniper Networks Junos OS versions prior to 19.1R1 on NFX Series. No other platforms besides NFX Series devices are affected.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Juniper | Junos | < 19.1 |
| Juniper | Nfx150 | - |
| Juniper | Nfx250 | - |
| Juniper | Nfx350 | - |
Related Weaknesses (CWE)
References
- https://kb.juniper.net/JSA11141Vendor Advisory
- https://kb.juniper.net/JSA11141Vendor Advisory
FAQ
What is CVE-2021-0248?
CVE-2021-0248 is a vulnerability with a CVSS score of 10.0 (CRITICAL). This issue is not applicable to NFX NextGen Software. On NFX Series devices the use of Hard-coded Credentials in Juniper Networks Junos OS allows an attacker to take over any instance of an NFX deploy...
How severe is CVE-2021-0248?
CVE-2021-0248 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-0248?
Check the references section above for vendor advisories and patch information. Affected products include: Juniper Junos, Juniper Nfx150, Juniper Nfx250, Juniper Nfx350.