CVE-2023-28972: Junos OS: NFX Series: 'set system ports console insecure' allows root password recovery

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-28972

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Junos OS: NFX Series: 'set system ports console insecure' allows root password recovery

Source: NVD (National Vulnerability Database)

Vulnerability Description

An Improper Link Resolution Before File Access vulnerability in console port access of Juniper Networks Junos OS on NFX Series allows an attacker to bypass console access controls. When "set system ports console insecure" is enabled, root login is disallowed for Junos OS as expected. However, the root password can be changed using "set system root-authentication plain-text-password" on NFX Series systems, leading to a possible administrative bypass with physical access to the console. Password recovery, changing the root password from a console, should not have been allowed from an insecure console. This is similar to the vulnerability described in CVE-2019-0035 but affects different platforms and in turn requires a different fix. This issue affects Juniper Networks Junos OS on NFX Series: 19.2 versions prior to 19.2R3-S7; 19.3 versions prior to 19.3R3-S8; 19.4 versions prior to 19.4R3-S12; 20.2 versions prior to 20.2R3-S8; 20.4 versions prior to 20.4R3-S7; 21.1 versions prior to 21.1R3-S5; 21.2 versions prior to 21.2R3-S4; 21.3 versions prior to 21.3R3-S3; 21.4 versions prior to 21.4R3-S2; 22.1 versions prior to 22.1R3-S1; 22.2 versions prior to 22.2R2-S1, 22.2R3; 22.3 versions prior to 22.3R1-S2, 22.3R2.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

在文件访问前对链接解析不恰当(链接跟随)

Source: NVD (National Vulnerability Database)

Vulnerability Title

Juniper Networks Paragon Active Assurance 后置链接漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Juniper Networks Paragon Active Assurance是美国瞻博网络（Juniper Networks）公司的一种可编程的测试和服务保证解决方案。使用基于软件和流量生成的测试代理，可作为 SaaS 解决方案从云中轻松使用和交付，或在 NFV 环境中本地部署。 Juniper Networks Paragon Active Assurance (PAA) 4.1.2 之前版本存在后置链接漏洞，该漏洞源于timescaledb 功能中的通信通道对预期端点的不当限制，攻击者利用该漏洞

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Juniper Networks	Junos OS	19.2 ~ 19.2R3-S7	-

II. Public POCs for CVE-2023-28972

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2023-28972

Please Login to view more intelligence information

IV. Related Vulnerabilities

Same product: Junos OS

Same vendor: Juniper Networks

Same weakness: CWE-59

V. Comments for CVE-2023-28972

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2023-28972

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2023-28972

III. Intelligence Information for CVE-2023-28972

IV. Related Vulnerabilities

V. Comments for CVE-2023-28972

Leave a comment