CVE-2020-1618
Description
On Juniper Networks EX and QFX Series, an authentication bypass vulnerability may allow a user connected to the console port to login as root without any password. This issue might only occur in certain scenarios: At the first reboot after performing device factory reset using the command request system zeroize; or A temporary moment during the first reboot after the software upgrade when the device configured in Virtual Chassis mode. This issue affects Juniper Networks Junos OS on EX and QFX Series: 14.1X53 versions prior to 14.1X53-D53; 15.1 versions prior to 15.1R7-S4; 15.1X53 versions prior to 15.1X53-D593; 16.1 versions prior to 16.1R7-S4; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R3-S3; 17.3 versions prior to 17.3R2-S5, 17.3R3-S6; 17.4 versions prior to 17.4R2-S9, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R2; 18.3 versions prior to 18.3R1-S7, 18.3R2. This issue does not affect Juniper Networks Junos OS 12.3.
Risk Information
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are fixed in junos 14.1X53-D53 | NCM |
| Vulnerabilities CVE-2020-1618 are fixed in junos 15.1R7-S4 | NCM |
| Multiple Vulnerabilities are fixed in junos 16.1R7-S4 | NCM |
| Multiple Vulnerabilities are fixed in junos 17.1R3-S1 | NCM |
| Multiple Vulnerabilities are fixed in junos 17.2R3-S3 | NCM |
| Multiple Vulnerabilities are fixed in junos 17.3R3-S6 | NCM |
| Multiple Vulnerabilities are fixed in junos 17.4R3 | NCM |
| Multiple Vulnerabilities are fixed in junos 18.1r3-s8 | NCM |
| Multiple Vulnerabilities are fixed in junos 18.2r2 | NCM |
| Vulnerabilities CVE-2020-1618 are fixed in junos 18.3R2. | NCM |
| Authentication Bypass Using an Alternate Path or Channel Vulnerability (CVE-2020-1618) | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-1704488 | Security Update for junos 9.2r1 |
| PATCH-1704488 | Security Update for junos 9.2r1 |
| PATCH-1704488 | Security Update for junos 9.2r1 |
| PATCH-1704488 | Security Update for junos 9.2r1 |
| PATCH-1704488 | Security Update for junos 9.2r1 |
| PATCH-1704488 | Security Update for junos 9.2r1 |
| PATCH-1704488 | Security Update for junos 9.2r1 |
| PATCH-1704488 | Security Update for junos 9.2r1 |
| PATCH-1704488 | Security Update for junos 9.2r1 |
| PATCH-1704488 | Security Update for junos 9.2r1 |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234