CVE-2020-1614
CVSS V2 High 9.3
CVSS V3 Critical 10
Description
A Use of Hard-coded Credentials vulnerability exists in the NFX250 Series for the vSRX Virtual Network Function (VNF) instance, which allows an attacker to take control of the vSRX VNF instance if they have the ability to access an administrative service (e.g. SSH) on the VNF, either locally, or through the network. This issue only affects the NFX250 Series vSRX VNF. No other products or platforms are affected. This issue is only applicable to environments where the vSRX VNF root password has not been configured. This issue affects the Juniper Networks NFX250 Network Services Platform vSRX VNF instance on versions prior to 19.2R1.
Overview
- CVE ID
- CVE-2020-1614
- Assigner
- sirt@juniper.net
- Vulnerability Status
- Analyzed
- Published Version
- 2020-04-08T20:15:13
- Last Modified Date
- 2020-07-29T19:40:48
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| AND | ||||
| cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:* | 1 | OR | 19.2 | |
| cpe:2.3:o:juniper:junos:19.2:r1-s1:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:juniper:junos:19.2:r1-s2:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:juniper:junos:19.2:r1-s3:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:juniper:junos:19.2:r1-s4:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:juniper:nfx250:-:*:*:*:*:*:*:* | 0 | OR |
CVSS Version 2
- Version
- 2.0
- Vector String
- AV:N/AC:M/Au:N/C:C/I:C/A:C
- Access Vector
- NETWORK
- Access Compatibility
- MEDIUM
- Authentication
- NONE
- Confidentiality Impact
- COMPLETE
- Integrity Impact
- COMPLETE
- Availability Impact
- COMPLETE
- Base Score
- 9.3
- Severity
- HIGH
- Exploitability Score
- 8.6
- Impact Score
- 10
CVSS Version 3
- Version
- 3.1
- Vector String
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- Attack Vector
- NETWORK
- Attack Compatibility
- LOW
- Privileges Required
- NONE
- User Interaction
- NONE
- Scope
- CHANGED
- Confidentiality Impact
- HIGH
- Availability Impact
- HIGH
- Base Score
- 10
- Base Severity
- CRITICAL
- Exploitability Score
- 3.9
- Impact Score
- 6
References
| Reference URL | Reference Tags |
|---|---|
| https://www.juniper.net/documentation/en_US/release-independent/junos/topics/task/configuration/nfx250-configure-vsrx-internal-ip.html | Vendor Advisory |
| https://kb.juniper.net/JSA10997 | Vendor Advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2020-1614 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1614 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-05-10 16:39:05 | Added to TrackCVE | |||
| 2022-12-04 14:13:26 | 2020-04-08T20:15Z | 2020-04-08T20:15:13 | CVE Published Date | updated |
| 2022-12-04 14:13:26 | 2020-07-29T19:40:48 | CVE Modified Date | updated | |
| 2022-12-04 14:13:26 | Analyzed | Vulnerability Status | updated |