Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Junos Fail-Open Unauthenticated Root Access Vulnerability
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
Junos OS is prone to a unauthenticated root access vulnerability.
Insight
Insight
When the pam.conf file is corrupted in certain ways, it may allow connection to the device as the root user with no password. This 'fail-open' behavior allows an attacker who can specifically modify the file to gain full access to the device. Note that inadvertent manipulation of the pam.conf by an authorized administrator can also lead to unauthenticated root access to the device.
Affected Software
Affected Software
Junos OS 12.1, 12.3, 13.2, 13.3, and 14.1
Detection Method
Detection Method
Checks if a vulnerable OS build is present on the target host.
Solution
Solution
New builds of Junos OS software are available from Juniper.