Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveJuniperCVE-2020-1615
HistoryApr 08, 2020 - 8:15 p.m.

CVE-2020-1615

2020-04-0820:15:13
CWE-798
juniper
web.nvd.nist.gov
34
vmx
juniper networks
junos os
cve-2020-1615
security
unauthorized access
default credentials

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.002

Percentile

60.7%

JSON

The factory configuration for vMX installations, as shipped, includes default credentials for the root account. Without proper modification of these default credentials by the administrator, an attacker could exploit these credentials and access the vMX instance without authorization. This issue affects Juniper Networks Junos OS: 17.1 versions prior to 17.1R2-S11, 17.1R3-S2 on vMX; 17.2 versions prior to 17.2R3-S3 on vMX; 17.3 versions prior to 17.3R2-S5, 17.3R3-S7 on vMX; 17.4 versions prior to 17.4R2-S9, 17.4R3 on vMX; 18.1 versions prior to 18.1R3-S9 on vMX; 18.2 versions prior to 18.2R2-S7, 18.2R3-S3 on vMX; 18.2X75 versions prior to 18.2X75-D420, 18.2X75-D60 on vMX; 18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3-S1 on vMX; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3 on vMX; 19.1 versions prior to 19.1R1-S4, 19.1R2, 19.1R3 on vMX; 19.2 versions prior to 19.2R1-S3, 19.2R2 on vMX; 19.3 versions prior to 19.3R1-S1, 19.3R2 on vMX.

Affected configurations

Nvd
Node
junipervmxMatch-
AND
juniperjunosMatch17.1-
OR
juniperjunosMatch17.1r1
OR
juniperjunosMatch17.1r2
OR
juniperjunosMatch17.1r2-s1
OR
juniperjunosMatch17.1r2-s10
OR
juniperjunosMatch17.1r2-s2
OR
juniperjunosMatch17.1r2-s3
OR
juniperjunosMatch17.1r2-s4
OR
juniperjunosMatch17.1r2-s5
OR
juniperjunosMatch17.1r2-s6
OR
juniperjunosMatch17.1r2-s7
OR
juniperjunosMatch17.1r2-s8
OR
juniperjunosMatch17.1r2-s9
OR
juniperjunosMatch17.1r3
OR
juniperjunosMatch17.1r3-s1
OR
juniperjunosMatch17.2-
OR
juniperjunosMatch17.2r1
OR
juniperjunosMatch17.2r1-s1
OR
juniperjunosMatch17.2r1-s2
OR
juniperjunosMatch17.2r1-s3
OR
juniperjunosMatch17.2r1-s4
OR
juniperjunosMatch17.2r1-s5
OR
juniperjunosMatch17.2r1-s7
OR
juniperjunosMatch17.2r1-s8
OR
juniperjunosMatch17.2r2
OR
juniperjunosMatch17.2r2-s6
OR
juniperjunosMatch17.2r2-s7
OR
juniperjunosMatch17.2r3-s1
OR
juniperjunosMatch17.2r3-s2
OR
juniperjunosMatch17.3-
OR
juniperjunosMatch17.3r1-s1
OR
juniperjunosMatch17.3r2
OR
juniperjunosMatch17.3r2-s1
OR
juniperjunosMatch17.3r2-s2
OR
juniperjunosMatch17.3r2-s3
OR
juniperjunosMatch17.3r2-s4
OR
juniperjunosMatch17.3r3
OR
juniperjunosMatch17.3r3-s1
OR
juniperjunosMatch17.3r3-s2
OR
juniperjunosMatch17.3r3-s3
OR
juniperjunosMatch17.3r3-s4
OR
juniperjunosMatch17.3r3-s5
OR
juniperjunosMatch17.3r3-s6
OR
juniperjunosMatch17.4-
OR
juniperjunosMatch17.4r1
OR
juniperjunosMatch17.4r1-s1
OR
juniperjunosMatch17.4r1-s2
OR
juniperjunosMatch17.4r1-s4
OR
juniperjunosMatch17.4r1-s5
OR
juniperjunosMatch17.4r1-s6
OR
juniperjunosMatch17.4r1-s7
OR
juniperjunosMatch17.4r2
OR
juniperjunosMatch17.4r2-s1
OR
juniperjunosMatch17.4r2-s2
OR
juniperjunosMatch17.4r2-s3
OR
juniperjunosMatch17.4r2-s4
OR
juniperjunosMatch17.4r2-s5
OR
juniperjunosMatch17.4r2-s6
OR
juniperjunosMatch17.4r2-s7
OR
juniperjunosMatch17.4r2-s8
OR
juniperjunosMatch18.1-
OR
juniperjunosMatch18.1r2
OR
juniperjunosMatch18.1r2-s1
OR
juniperjunosMatch18.1r2-s2
OR
juniperjunosMatch18.1r2-s4
OR
juniperjunosMatch18.1r3
OR
juniperjunosMatch18.1r3-s1
OR
juniperjunosMatch18.1r3-s2
OR
juniperjunosMatch18.1r3-s3
OR
juniperjunosMatch18.1r3-s4
OR
juniperjunosMatch18.1r3-s6
OR
juniperjunosMatch18.1r3-s7
OR
juniperjunosMatch18.1r3-s8
OR
juniperjunosMatch18.2-
OR
juniperjunosMatch18.2r1-s3
OR
juniperjunosMatch18.2r1-s5
OR
juniperjunosMatch18.2r2-s1
OR
juniperjunosMatch18.2r2-s2
OR
juniperjunosMatch18.2r2-s3
OR
juniperjunosMatch18.2r2-s4
OR
juniperjunosMatch18.2r2-s5
OR
juniperjunosMatch18.2r2-s6
OR
juniperjunosMatch18.2r3
OR
juniperjunosMatch18.2r3-s1
OR
juniperjunosMatch18.2r3-s2
OR
juniperjunosMatch18.2x75-
OR
juniperjunosMatch18.2x75d20
OR
juniperjunosMatch18.2x75d30
OR
juniperjunosMatch18.2x75d40
OR
juniperjunosMatch18.2x75-d10
OR
juniperjunosMatch18.3-
OR
juniperjunosMatch18.3r1
OR
juniperjunosMatch18.3r1-s1
OR
juniperjunosMatch18.3r1-s2
OR
juniperjunosMatch18.3r1-s3
OR
juniperjunosMatch18.3r1-s4
OR
juniperjunosMatch18.3r1-s5
OR
juniperjunosMatch18.3r1-s6
OR
juniperjunosMatch18.3r2
OR
juniperjunosMatch18.3r2-s1
OR
juniperjunosMatch18.3r2-s2
OR
juniperjunosMatch18.4-
OR
juniperjunosMatch18.4r1
OR
juniperjunosMatch18.4r1-s1
OR
juniperjunosMatch18.4r1-s2
OR
juniperjunosMatch18.4r1-s3
OR
juniperjunosMatch18.4r1-s4
OR
juniperjunosMatch18.4r1-s5
OR
juniperjunosMatch18.4r2
OR
juniperjunosMatch18.4r2-s1
OR
juniperjunosMatch18.4r2-s2
OR
juniperjunosMatch19.1-
OR
juniperjunosMatch19.1r1
OR
juniperjunosMatch19.1r1-s1
OR
juniperjunosMatch19.1r1-s2
OR
juniperjunosMatch19.1r1-s3
OR
juniperjunosMatch19.2-
OR
juniperjunosMatch19.2r1
OR
juniperjunosMatch19.2r1-s1
OR
juniperjunosMatch19.2r1-s2
OR
juniperjunosMatch19.3-
OR
juniperjunosMatch19.3r1
VendorProductVersionCPE
junipervmx-cpe:2.3:a:juniper:vmx:-:*:*:*:*:*:*:*
juniperjunos17.1cpe:2.3:o:juniper:junos:17.1:-:*:*:*:*:*:*
juniperjunos17.1cpe:2.3:o:juniper:junos:17.1:r1:*:*:*:*:*:*
juniperjunos17.1cpe:2.3:o:juniper:junos:17.1:r2:*:*:*:*:*:*
juniperjunos17.1cpe:2.3:o:juniper:junos:17.1:r2-s1:*:*:*:*:*:*
juniperjunos17.1cpe:2.3:o:juniper:junos:17.1:r2-s10:*:*:*:*:*:*
juniperjunos17.1cpe:2.3:o:juniper:junos:17.1:r2-s2:*:*:*:*:*:*
juniperjunos17.1cpe:2.3:o:juniper:junos:17.1:r2-s3:*:*:*:*:*:*
juniperjunos17.1cpe:2.3:o:juniper:junos:17.1:r2-s4:*:*:*:*:*:*
juniperjunos17.1cpe:2.3:o:juniper:junos:17.1:r2-s5:*:*:*:*:*:*
Rows per page:
1-10 of 1231

CNA Affected

[
  {
    "platforms": [
      "vMX"
    ],
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "17.1R2-S11, 17.1R3-S2",
        "status": "affected",
        "version": "17.1",
        "versionType": "custom"
      },
      {
        "lessThan": "17.2R3-S3",
        "status": "affected",
        "version": "17.2",
        "versionType": "custom"
      },
      {
        "lessThan": "17.3R2-S5, 17.3R3-S7",
        "status": "affected",
        "version": "17.3",
        "versionType": "custom"
      },
      {
        "lessThan": "17.4R2-S9, 17.4R3",
        "status": "affected",
        "version": "17.4",
        "versionType": "custom"
      },
      {
        "lessThan": "18.1R3-S9",
        "status": "affected",
        "version": "18.1",
        "versionType": "custom"
      },
      {
        "lessThan": "18.2R2-S7, 18.2R3-S3",
        "status": "affected",
        "version": "18.2",
        "versionType": "custom"
      },
      {
        "lessThan": "18.2X75-D420, 18.2X75-D60",
        "status": "affected",
        "version": "18.2X75",
        "versionType": "custom"
      },
      {
        "lessThan": "18.3R1-S7, 18.3R2-S3, 18.3R3-S1",
        "status": "affected",
        "version": "18.3",
        "versionType": "custom"
      },
      {
        "lessThan": "18.4R1-S5, 18.4R2-S3, 18.4R3",
        "status": "affected",
        "version": "18.4",
        "versionType": "custom"
      },
      {
        "lessThan": "19.1R1-S4, 19.1R2, 19.1R3",
        "status": "affected",
        "version": "19.1",
        "versionType": "custom"
      },
      {
        "lessThan": "19.2R1-S3, 19.2R2",
        "status": "affected",
        "version": "19.2",
        "versionType": "custom"
      },
      {
        "lessThan": "19.3R1-S1, 19.3R2",
        "status": "affected",
        "version": "19.3",
        "versionType": "custom"
      }
    ]
  }
]

Related

nessus 1
nvd 1
cvelist 1
prion 1
nessus
nessus
Junos OS Default Credentials Vulnerability (JSA10998)
2020-04-16 00:00:00
nvd
nvd
CVE-2020-1615
2020-04-08 20:15:13
cvelist
cvelist
CVE-2020-1615 Junos OS: vMX: Default credentials supplied in vMX configuration
2020-04-08 19:25:53
prion
prion
Authorization
2020-04-08 20:15:00

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.002

Percentile

60.7%

JSON
Related for CVE-2020-1615
nessus1nvd1cvelist1prion1