CVE-2023-28972

Vulnerability Summary

An Improper Link Resolution Before File Access vulnerability in console port access of Juniper Networks Junos OS on NFX Series allows an malicious user to bypass console access controls. When "set system ports console insecure" is enabled, root login is disallowed for Junos OS as expected. However, the root password can be changed using "set system root-authentication plain-text-password" on NFX Series systems, leading to a possible administrative bypass with physical access to the console. Password recovery, changing the root password from a console, should not have been allowed from an insecure console. This is similar to the vulnerability described in CVE-2019-0035 but affects different platforms and in turn requires a different fix. This issue affects Juniper Networks Junos OS on NFX Series: 19.2 versions before 19.2R3-S7; 19.3 versions before 19.3R3-S8; 19.4 versions before 19.4R3-S12; 20.2 versions before 20.2R3-S8; 20.4 versions before 20.4R3-S7; 21.1 versions before 21.1R3-S5; 21.2 versions before 21.2R3-S4; 21.3 versions before 21.3R3-S3; 21.4 versions before 21.4R3-S2; 22.1 versions before 22.1R3-S1; 22.2 versions before 22.2R2-S1, 22.2R3; 22.3 versions before 22.3R1-S2, 22.3R2.

Vulnerability Trend

References