CVE-2023-28972 (GCVE-0-2023-28972)

Vulnerability from cvelistv5 – Published: 2023-04-17 00:00 – Updated: 2025-02-26 19:20
VLAI
Title
Junos OS: NFX Series: 'set system ports console insecure' allows root password recovery
Summary
An Improper Link Resolution Before File Access vulnerability in console port access of Juniper Networks Junos OS on NFX Series allows an attacker to bypass console access controls. When "set system ports console insecure" is enabled, root login is disallowed for Junos OS as expected. However, the root password can be changed using "set system root-authentication plain-text-password" on NFX Series systems, leading to a possible administrative bypass with physical access to the console. Password recovery, changing the root password from a console, should not have been allowed from an insecure console. This is similar to the vulnerability described in CVE-2019-0035 but affects different platforms and in turn requires a different fix. This issue affects Juniper Networks Junos OS on NFX Series: 19.2 versions prior to 19.2R3-S7; 19.3 versions prior to 19.3R3-S8; 19.4 versions prior to 19.4R3-S12; 20.2 versions prior to 20.2R3-S8; 20.4 versions prior to 20.4R3-S7; 21.1 versions prior to 21.1R3-S5; 21.2 versions prior to 21.2R3-S4; 21.3 versions prior to 21.3R3-S3; 21.4 versions prior to 21.4R3-S2; 22.1 versions prior to 22.1R3-S1; 22.2 versions prior to 22.2R2-S1, 22.2R3; 22.3 versions prior to 22.3R1-S2, 22.3R2.
Severity
6.8 (Medium)
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
Impacted products
Vendor Product Version
Juniper Networks Junos OS Affected: 19.2 , < 19.2R3-S7 (custom)
Affected: 19.3 , < 19.3R3-S8 (custom)
Affected: 19.4 , < 19.4R3-S12 (custom)
Affected: 20.2 , < 20.2R3-S8 (custom)
Affected: 20.4 , < 20.4R3-S7 (custom)
Affected: 21.1 , < 21.1R3-S5 (custom)
Affected: 21.2 , < 21.2R3-S4 (custom)
Affected: 21.3 , < 21.3R3-S3 (custom)
Affected: 21.4 , < 21.4R3-S2 (custom)
Affected: 22.1 , < 22.1R3-S1 (custom)
Affected: 22.2 , < 22.2R2-S1, 22.2R3 (custom)
Affected: 22.3 , < 22.3R1-S2, 22.3R2 (custom)
Create a notification for this product.
Date Public
2023-04-12 00:00
Credits
Juniper SIRT would like to acknowledge and thank Petri Saarenmaa from Netum for responsibly reporting this vulnerability.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T13:51:38.970Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://supportportal.juniper.net/JSA70596"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-28972",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-12T18:59:24.316486Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-26T19:20:42.081Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "NFX Series"
          ],
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "19.2R3-S7",
              "status": "affected",
              "version": "19.2",
              "versionType": "custom"
            },
            {
              "lessThan": "19.3R3-S8",
              "status": "affected",
              "version": "19.3",
              "versionType": "custom"
            },
            {
              "lessThan": "19.4R3-S12",
              "status": "affected",
              "version": "19.4",
              "versionType": "custom"
            },
            {
              "lessThan": "20.2R3-S8",
              "status": "affected",
              "version": "20.2",
              "versionType": "custom"
            },
            {
              "lessThan": "20.4R3-S7",
              "status": "affected",
              "version": "20.4",
              "versionType": "custom"
            },
            {
              "lessThan": "21.1R3-S5",
              "status": "affected",
              "version": "21.1",
              "versionType": "custom"
            },
            {
              "lessThan": "21.2R3-S4",
              "status": "affected",
              "version": "21.2",
              "versionType": "custom"
            },
            {
              "lessThan": "21.3R3-S3",
              "status": "affected",
              "version": "21.3",
              "versionType": "custom"
            },
            {
              "lessThan": "21.4R3-S2",
              "status": "affected",
              "version": "21.4",
              "versionType": "custom"
            },
            {
              "lessThan": "22.1R3-S1",
              "status": "affected",
              "version": "22.1",
              "versionType": "custom"
            },
            {
              "lessThan": "22.2R2-S1, 22.2R3",
              "status": "affected",
              "version": "22.2",
              "versionType": "custom"
            },
            {
              "lessThan": "22.3R1-S2, 22.3R2",
              "status": "affected",
              "version": "22.3",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Juniper SIRT would like to acknowledge and thank Petri Saarenmaa from Netum for responsibly reporting this vulnerability."
        }
      ],
      "datePublic": "2023-04-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An Improper Link Resolution Before File Access vulnerability in console port access of Juniper Networks Junos OS on NFX Series allows an attacker to bypass console access controls. When \"set system ports console insecure\" is enabled, root login is disallowed for Junos OS as expected. However, the root password can be changed using \"set system root-authentication plain-text-password\" on NFX Series systems, leading to a possible administrative bypass with physical access to the console. Password recovery, changing the root password from a console, should not have been allowed from an insecure console. This is similar to the vulnerability described in CVE-2019-0035 but affects different platforms and in turn requires a different fix. This issue affects Juniper Networks Junos OS on NFX Series: 19.2 versions prior to 19.2R3-S7; 19.3 versions prior to 19.3R3-S8; 19.4 versions prior to 19.4R3-S12; 20.2 versions prior to 20.2R3-S8; 20.4 versions prior to 20.4R3-S7; 21.1 versions prior to 21.1R3-S5; 21.2 versions prior to 21.2R3-S4; 21.3 versions prior to 21.3R3-S3; 21.4 versions prior to 21.4R3-S2; 22.1 versions prior to 22.1R3-S1; 22.2 versions prior to 22.2R2-S1, 22.2R3; 22.3 versions prior to 22.3R1-S2, 22.3R2."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-17T00:00:00.000Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "url": "https://supportportal.juniper.net/JSA70596"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "The following software releases have been updated to resolve this specific issue: 19.2R3-S7, 19.3R3-S8, 19.4R3-S12, 20.4R3-S7, 21.1R3-S5, 21.2R3-S4, 21.3R3-S3, 21.4R3-S2, 22.1R3-S1, 22.2R2-S1, 22.2R3, 22.3R1-S2, 22.3R2, 22.4R1, and all subsequent releases.\n"
        }
      ],
      "source": {
        "advisory": "JSA70596",
        "defect": [
          "1669072"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Junos OS: NFX Series: \u0027set system ports console insecure\u0027 allows root password recovery",
      "workarounds": [
        {
          "lang": "en",
          "value": "Limit console access to the device to only trusted administrators."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2023-28972",
    "datePublished": "2023-04-17T00:00:00.000Z",
    "dateReserved": "2023-03-29T00:00:00.000Z",
    "dateUpdated": "2025-02-26T19:20:42.081Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2023-28972",
      "date": "2026-05-30",
      "epss": "0.00153",
      "percentile": "0.35686"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-28972\",\"sourceIdentifier\":\"sirt@juniper.net\",\"published\":\"2023-04-17T22:15:09.140\",\"lastModified\":\"2024-11-21T07:56:18.957\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An Improper Link Resolution Before File Access vulnerability in console port access of Juniper Networks Junos OS on NFX Series allows an attacker to bypass console access controls. When \\\"set system ports console insecure\\\" is enabled, root login is disallowed for Junos OS as expected. However, the root password can be changed using \\\"set system root-authentication plain-text-password\\\" on NFX Series systems, leading to a possible administrative bypass with physical access to the console. Password recovery, changing the root password from a console, should not have been allowed from an insecure console. This is similar to the vulnerability described in CVE-2019-0035 but affects different platforms and in turn requires a different fix. This issue affects Juniper Networks Junos OS on NFX Series: 19.2 versions prior to 19.2R3-S7; 19.3 versions prior to 19.3R3-S8; 19.4 versions prior to 19.4R3-S12; 20.2 versions prior to 20.2R3-S8; 20.4 versions prior to 20.4R3-S7; 21.1 versions prior to 21.1R3-S5; 21.2 versions prior to 21.2R3-S4; 21.3 versions prior to 21.3R3-S3; 21.4 versions prior to 21.4R3-S2; 22.1 versions prior to 22.1R3-S1; 22.2 versions prior to 22.2R2-S1, 22.2R3; 22.3 versions prior to 22.3R1-S2, 22.3R2.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":6.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"PHYSICAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-59\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.2:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E7545CE-6300-4E81-B5AF-2BE150C1B190\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.2:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"4CA3060F-1800-4A06-A453-FB8CE4B65312\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.2:r1-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A5B337A-727C-4767-AD7B-E0F7F99EB46F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.2:r1-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"16FDE60B-7A99-4683-BC14-530B5B005F8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.2:r1-s3:*:*:*:*:*:*\",\"matchCriteriaId\":\"725D8C27-E4F8-4394-B4EC-B49B6D3C2709\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.2:r1-s4:*:*:*:*:*:*\",\"matchCriteriaId\":\"8233C3AB-470E-4D13-9BFD-C9E90918FD0B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.2:r1-s5:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F7A233A-D4F6-46FA-92E9-2ACE13E4A6A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.2:r1-s6:*:*:*:*:*:*\",\"matchCriteriaId\":\"ADCE4EA8-DDBA-4766-BB81-E4DA29723723\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.2:r1-s7:*:*:*:*:*:*\",\"matchCriteriaId\":\"2849078A-447A-4615-94E1-58AF450ED22A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.2:r1-s8:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2C625B6-25ED-4F6C-A778-6AB7FA7901CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.2:r1-s9:*:*:*:*:*:*\",\"matchCriteriaId\":\"84EC3EE0-F1D9-4CBB-B3FA-83C05C50EB5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.2:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"7C71D2FA-B1A4-4004-807F-7B3BB347DF4C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.2:r2-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E78E854-DDD3-4D1A-97AB-AEA70B9B811F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.2:r3:*:*:*:*:*:*\",\"matchCriteriaId\":\"512FB3D1-BA5B-4F73-BDB2-49D6889F5473\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.2:r3-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"7FCBFF57-83A1-4C1C-A38D-7DAB48BCA2EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.2:r3-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"920FE638-BDE6-403D-9083-2BDBF6A3326F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.2:r3-s3:*:*:*:*:*:*\",\"matchCriteriaId\":\"E38CD1E2-41F5-42D1-B915-055A497C576A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.2:r3-s4:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C816B9A-F152-4E5F-8152-73635840A89A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.2:r3-s5:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E0EA9DA-2DAD-4FA4-8CCC-E2F3D7069305\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.2:r3-s6:*:*:*:*:*:*\",\"matchCriteriaId\":\"F56182CE-376A-4B77-BB53-1E988842AEC5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.3:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"59006503-B2CA-4F79-AC13-7C5615A74CE5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.3:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8110DA9-54B1-43CF-AACB-76EABE0C9EF6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.3:r1-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"11B5CC5A-1959-4113-BFCF-E4BA63D918C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.3:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"33F08A33-EF80-4D86-9A9A-9DF147B9B6D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.3:r2-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF24ACBD-5F84-47B2-BFF3-E9A56666269C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.3:r2-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"3935A586-41BD-4FA5-9596-DED6F0864777\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.3:r2-s3:*:*:*:*:*:*\",\"matchCriteriaId\":\"B83FB539-BD7C-4BEE-9022-098F73902F38\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.3:r2-s4:*:*:*:*:*:*\",\"matchCriteriaId\":\"7659AC36-A5EA-468A-9793-C1EC914D36F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.3:r2-s5:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0E018E1-568E-40F2-ADA5-F71509811879\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.3:r2-s6:*:*:*:*:*:*\",\"matchCriteriaId\":\"122B09A3-299A-421C-9A6B-B3FEED8E19FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.3:r2-s7:*:*:*:*:*:*\",\"matchCriteriaId\":\"55F3E730-83F2-43C2-B6DC-77BAABB2F01D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.3:r3:*:*:*:*:*:*\",\"matchCriteriaId\":\"B9295AF3-A883-47C3-BAF8-3D82F719733E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.3:r3-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"F09D3262-394A-43D1-A4ED-8887FCB20F87\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.3:r3-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3FEA876-302D-4F07-94E6-237C669538F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.3:r3-s3:*:*:*:*:*:*\",\"matchCriteriaId\":\"B011854A-932C-4D5C-B469-71F72608DFCB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.3:r3-s4:*:*:*:*:*:*\",\"matchCriteriaId\":\"94A44054-B47B-453C-BF0F-9E071EFF6542\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.3:r3-s5:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA3A4806-59AB-43D6-BFE3-A6DCE098335C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.3:r3-s6:*:*:*:*:*:*\",\"matchCriteriaId\":\"45DA4D89-1362-421F-8218-585CE5D60E81\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.3:r3-s7:*:*:*:*:*:*\",\"matchCriteriaId\":\"EEA350A8-9441-496C-A86C-0D209190A178\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.4:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B342307-98CF-45C9-9F08-5EB06C679B79\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.4:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC743EE4-8833-452A-94DB-655BF139F883\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.4:r1-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE96A8EA-FFE3-4D8F-9266-21899149D634\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.4:r1-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"C12A75C6-2D00-4202-B861-00FF71585FA0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.4:r1-s3:*:*:*:*:*:*\",\"matchCriteriaId\":\"70FF3DD4-14CB-435D-8529-0480EB853F60\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.4:r1-s4:*:*:*:*:*:*\",\"matchCriteriaId\":\"84429093-AB3C-4C05-B8FA-87D94091820F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.4:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DCFA774-96EF-4018-82CF-95C807025C24\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.4:r2-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"76022948-4B07-43CB-824C-44E1AB3537CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.4:r2-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"25446F60-5CB9-4923-BCE8-609AE3CFDFBC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.4:r2-s3:*:*:*:*:*:*\",\"matchCriteriaId\":\"A23E5CEA-EFF5-4641-BC47-BA2D0859F0EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.4:r2-s4:*:*:*:*:*:*\",\"matchCriteriaId\":\"760E2418-B945-4467-BDAC-7702DDF4C4EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.4:r2-s5:*:*:*:*:*:*\",\"matchCriteriaId\":\"98097AB6-56CB-42E4-96B4-ABBD4F36553C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.4:r2-s6:*:*:*:*:*:*\",\"matchCriteriaId\":\"7844B380-7986-4B71-B1AE-22D46E5007D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.4:r2-s7:*:*:*:*:*:*\",\"matchCriteriaId\":\"7EF24AFC-D359-4132-A133-1F6680F7BE46\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.4:r3:*:*:*:*:*:*\",\"matchCriteriaId\":\"758275F3-9457-45A2-8F57-65DCD659FC1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.4:r3-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"B46CB928-78B5-4D60-B747-9A0988C7060D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.4:r3-s10:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F449CD5-9D3D-4D99-8A6F-8C7946A4F2D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.4:r3-s11:*:*:*:*:*:*\",\"matchCriteriaId\":\"D85FF739-F299-479A-82F1-DB6788F3D4DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.4:r3-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED73BF1A-96E4-49F1-A6AA-7B29DAA6C112\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.4:r3-s3:*:*:*:*:*:*\",\"matchCriteriaId\":\"0886EFA6-47E3-4C1D-A278-D3891A487FED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.4:r3-s4:*:*:*:*:*:*\",\"matchCriteriaId\":\"A209EE6F-E676-4172-8FF3-4E03748DEB13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.4:r3-s5:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC395200-9A69-468A-8461-D2219B34AA0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.4:r3-s6:*:*:*:*:*:*\",\"matchCriteriaId\":\"08584FCD-4593-4590-A988-C862295E618A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.4:r3-s7:*:*:*:*:*:*\",\"matchCriteriaId\":\"1BF7792C-51FF-4C6E-B5E7-F87738FE4B35\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.4:r3-s8:*:*:*:*:*:*\",\"matchCriteriaId\":\"E69B0ED4-898D-4D7A-9711-8DB00EE3197B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.4:r3-s9:*:*:*:*:*:*\",\"matchCriteriaId\":\"1BBF56BB-939A-4E38-BD9E-E3198E70F8E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:20.2:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4CF52CF-F911-4615-9171-42F84429149F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:20.2:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD07B7E2-F5C2-4610-9133-FDA9E66DFF4F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:20.2:r1-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3C23AEB-34DE-44FB-8D64-E69D6E8B7401\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:20.2:r1-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"18DB9401-5A51-4BB3-AC2F-58F58F1C788C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:20.2:r1-s3:*:*:*:*:*:*\",\"matchCriteriaId\":\"06F53DA5-59AE-403C-9B1E-41CE267D8BB1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:20.2:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"3332262F-81DA-4D78-99C9-514CADA46611\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:20.2:r2-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"B46B63A2-1518-4A29-940C-F05624C9658D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:20.2:r2-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E0D4959-3865-42A7-98CD-1103EBD84528\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:20.2:r2-s3:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A58292B-814C-49E7-8D6D-BE26EFB9ADDF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:20.2:r3:*:*:*:*:*:*\",\"matchCriteriaId\":\"681AE183-7183-46E7-82EA-28C398FA1C3D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:20.2:r3-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A6E9627-8BF1-4BE8-844B-EE8F1C9478F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:20.2:r3-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A80F23B-CD13-4745-BA92-67C23B297A18\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:20.2:r3-s3:*:*:*:*:*:*\",\"matchCriteriaId\":\"67D4004B-1233-4258-9C7A-F05189146B44\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:20.2:r3-s4:*:*:*:*:*:*\",\"matchCriteriaId\":\"69E33F24-D480-4B5F-956D-D435A551CBE7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:20.2:r3-s5:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E5E3FDB-3F33-4686-9B64-0152AD41939D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:20.2:r3-s6:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C411A2E-A407-44E5-A2B2-3D049FB2DB4D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:20.2:r3-s7:*:*:*:*:*:*\",\"matchCriteriaId\":\"AA7259B5-6BDC-4CB8-AB81-2375803E42E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:20.4:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"3D361B23-A3C2-444B-BEB8-E231DA950567\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:20.4:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"20DDC6B7-BFC4-4F0B-8E68-442C23765BF2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:20.4:r1-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"037BA01C-3F5C-4503-A633-71765E9EF774\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:20.4:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"C54B047C-4B38-40C0-9855-067DCF7E48BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:20.4:r2-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"38984199-E332-4A9C-A4C0-78083D052E15\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:20.4:r2-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"AA6526FB-2941-4D18-9B2E-472AD5A62A53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:20.4:r3:*:*:*:*:*:*\",\"matchCriteriaId\":\"09876787-A40A-4340-9C12-8628C325353B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:20.4:r3-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"41615104-C17E-44DA-AB0D-6E2053BD4EF4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:20.4:r3-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"1981DE38-36B5-469D-917E-92717EE3ED53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:20.4:r3-s3:*:*:*:*:*:*\",\"matchCriteriaId\":\"AFA68ACD-AAE5-4577-B734-23AAF77BC85A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:20.4:r3-s4:*:*:*:*:*:*\",\"matchCriteriaId\":\"65948ABC-22BB-46D5-8545-0806EDB4B86E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:20.4:r3-s5:*:*:*:*:*:*\",\"matchCriteriaId\":\"283E41CB-9A90-4521-96DC-F31AA592CFD8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:20.4:r3-s6:*:*:*:*:*:*\",\"matchCriteriaId\":\"14EEA504-CBC5-4F6F-889A-D505EC4BB5B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.1:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"6FDB5B7D-FB37-47E3-8678-B9ED578CCA5F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.1:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"625BA7E6-D2AD-4A48-9B94-24328BE5B06A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.1:r1-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"F462F4E3-762C-429F-8D25-5521100DD37C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.1:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0BC9DAC-D6B5-4C5E-8C73-6E550D9A30F5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.1:r2-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"689FE1AE-7A85-4FB6-AB02-E732F23581B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.1:r2-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"79E56DAC-75AD-4C81-9835-634B40C15DA6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.1:r3:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0040FE2-7ECD-4755-96CE-E899BA298E0C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.1:r3-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"076AB086-BB79-4583-AAF7-A5233DFB2F95\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.1:r3-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"72E2DDF6-01DF-4880-AB60-B3DA3281E88D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.1:r3-s3:*:*:*:*:*:*\",\"matchCriteriaId\":\"54010163-0810-4CF5-95FE-7E62BC6CA4F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.1:r3-s4:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C1C3B09-3800-493E-A319-57648305FE6E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"216E7DDE-453D-481F-92E2-9F8466CDDA3F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.2:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"A52AF794-B36B-43A6-82E9-628658624B0A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.2:r1-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"3998DC76-F72F-4452-9150-652140B113EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.2:r1-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"36ED4552-2420-45F9-B6E4-6DA2B2B12870\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.2:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"C28A14E7-7EA0-4757-9764-E39A27CFDFA5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.2:r2-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A43752D-A4AF-4B4E-B95B-192E42883A5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.2:r2-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"42986538-E9D0-4C2E-B1C4-A763A4EE451B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.2:r3:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE22CA01-EA7E-4EE5-B59F-EE100688C1DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.2:r3-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"E596ABD9-6ECD-48DC-B770-87B7E62EA345\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.2:r3-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"71745D02-D226-44DC-91AD-678C85F5E6FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.2:r3-s3:*:*:*:*:*:*\",\"matchCriteriaId\":\"39E44B09-7310-428C-8144-AE9DB0484D1F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.3:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E7D597D-F6B6-44C3-9EBC-4FA0686ACB5C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.3:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC78A4CB-D617-43FC-BB51-287D2D0C44ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.3:r1-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"30FF67F8-1E3C-47A8-8859-709B3614BA6E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.3:r1-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C7C507E-C85E-4BC6-A3B0-549516BAB524\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.3:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"6514CDE8-35DC-469F-89A3-078684D18F7A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.3:r2-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"4624565D-8F59-44A8-B7A8-01AD579745E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.3:r2-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"4BF8CD82-C338-4D9A-8C98-FCB3CEAA9227\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.3:r3:*:*:*:*:*:*\",\"matchCriteriaId\":\"57E08E70-1AF3-4BA5-9A09-06DFE9663ADE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.3:r3-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"255B6F20-D32F-42C1-829C-AE9C7923558A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.3:r3-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"90AE30DB-C448-4FE9-AC11-FF0F27CDA227\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"79ED3CE8-CC57-43AB-9A26-BBC87816062D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"4310D2D9-A8A6-48F8-9384-0A0692A1E1C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9962B01C-C57C-4359-9532-676AB81CE8B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.4:r1-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"62178549-B679-4902-BFDB-2993803B7FCE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.4:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"9AD697DF-9738-4276-94ED-7B9380CD09F5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.4:r2-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"09FF5818-0803-4646-A386-D7C645EE58A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.4:r2-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"2229FA59-EB24-49A2-85CE-F529A8DE6BA7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.4:r3:*:*:*:*:*:*\",\"matchCriteriaId\":\"0CB280D8-C5D8-4B51-A879-496ACCDE4538\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.4:r3-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F3F54F1-75B3-400D-A735-2C27C8CEBE79\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:22.1:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F96EBE9-2532-4E35-ABA5-CA68830476A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:22.1:r1-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"B4D936AE-FD74-4823-A824-2D9F24C25BFB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:22.1:r1-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"E117E493-F4E1-4568-88E3-F243C74A2662\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:22.1:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"01E3E308-FD9C-4686-8C35-8472A0E99F0D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:22.1:r2-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"3683A8F5-EE0E-4936-A005-DF7F6B75DED3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:22.1:r2-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B615DBA-8C53-41D4-B264-D3EED8578471\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:22.1:r3:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3124DD0-9E42-4896-9060-CB7DD07FC342\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:22.2:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"E949B21B-AD62-4022-9088-06313277479E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:22.2:r1-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D862E6F-0D01-4B25-8340-888C30F75A2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:22.2:r1-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F28F73E-8563-41B9-A313-BBAAD5B57A67\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:22.2:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"E37D4694-C80B-475E-AB5B-BB431F59C5E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:22.3:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"19519212-51DD-4448-B115-8A20A40192CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:22.3:r1-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"5CC9909E-AE9F-414D-99B1-83AA04D5297B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:nfx150:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9AE81FA-B0F3-4F0B-A2D1-2BB590345058\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:nfx250:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7EB08A27-7777-4538-ADC4-9D2F89963C13\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:nfx350:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6CB56048-A486-4A46-B438-CC3084BD9CB6\"}]}]}],\"references\":[{\"url\":\"https://supportportal.juniper.net/JSA70596\",\"source\":\"sirt@juniper.net\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://supportportal.juniper.net/JSA70596\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"title\": \"Junos OS: NFX Series: \u0027set system ports console insecure\u0027 allows root password recovery\", \"datePublic\": \"2023-04-12T00:00:00.000Z\", \"providerMetadata\": {\"orgId\": \"8cbe9d5a-a066-4c94-8978-4b15efeae968\", \"shortName\": \"juniper\", \"dateUpdated\": \"2023-04-17T00:00:00.000Z\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"An Improper Link Resolution Before File Access vulnerability in console port access of Juniper Networks Junos OS on NFX Series allows an attacker to bypass console access controls. When \\\"set system ports console insecure\\\" is enabled, root login is disallowed for Junos OS as expected. However, the root password can be changed using \\\"set system root-authentication plain-text-password\\\" on NFX Series systems, leading to a possible administrative bypass with physical access to the console. Password recovery, changing the root password from a console, should not have been allowed from an insecure console. This is similar to the vulnerability described in CVE-2019-0035 but affects different platforms and in turn requires a different fix. This issue affects Juniper Networks Junos OS on NFX Series: 19.2 versions prior to 19.2R3-S7; 19.3 versions prior to 19.3R3-S8; 19.4 versions prior to 19.4R3-S12; 20.2 versions prior to 20.2R3-S8; 20.4 versions prior to 20.4R3-S7; 21.1 versions prior to 21.1R3-S5; 21.2 versions prior to 21.2R3-S4; 21.3 versions prior to 21.3R3-S3; 21.4 versions prior to 21.4R3-S2; 22.1 versions prior to 22.1R3-S1; 22.2 versions prior to 22.2R2-S1, 22.2R3; 22.3 versions prior to 22.3R1-S2, 22.3R2.\"}], \"affected\": [{\"vendor\": \"Juniper Networks\", \"product\": \"Junos OS\", \"versions\": [{\"version\": \"19.2\", \"status\": \"affected\", \"lessThan\": \"19.2R3-S7\", \"versionType\": \"custom\"}, {\"version\": \"19.3\", \"status\": \"affected\", \"lessThan\": \"19.3R3-S8\", \"versionType\": \"custom\"}, {\"version\": \"19.4\", \"status\": \"affected\", \"lessThan\": \"19.4R3-S12\", \"versionType\": \"custom\"}, {\"version\": \"20.2\", \"status\": \"affected\", \"lessThan\": \"20.2R3-S8\", \"versionType\": \"custom\"}, {\"version\": \"20.4\", \"status\": \"affected\", \"lessThan\": \"20.4R3-S7\", \"versionType\": \"custom\"}, {\"version\": \"21.1\", \"status\": \"affected\", \"lessThan\": \"21.1R3-S5\", \"versionType\": \"custom\"}, {\"version\": \"21.2\", \"status\": \"affected\", \"lessThan\": \"21.2R3-S4\", \"versionType\": \"custom\"}, {\"version\": \"21.3\", \"status\": \"affected\", \"lessThan\": \"21.3R3-S3\", \"versionType\": \"custom\"}, {\"version\": \"21.4\", \"status\": \"affected\", \"lessThan\": \"21.4R3-S2\", \"versionType\": \"custom\"}, {\"version\": \"22.1\", \"status\": \"affected\", \"lessThan\": \"22.1R3-S1\", \"versionType\": \"custom\"}, {\"version\": \"22.2\", \"status\": \"affected\", \"lessThan\": \"22.2R2-S1, 22.2R3\", \"versionType\": \"custom\"}, {\"version\": \"22.3\", \"status\": \"affected\", \"lessThan\": \"22.3R1-S2, 22.3R2\", \"versionType\": \"custom\"}], \"platforms\": [\"NFX Series\"]}], \"references\": [{\"url\": \"https://supportportal.juniper.net/JSA70596\"}], \"credits\": [{\"lang\": \"en\", \"value\": \"Juniper SIRT would like to acknowledge and thank Petri Saarenmaa from Netum for responsibly reporting this vulnerability.\"}], \"metrics\": [{\"cvssV3_1\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"attackVector\": \"PHYSICAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"baseScore\": 6.8, \"baseSeverity\": \"MEDIUM\"}}], \"problemTypes\": [{\"descriptions\": [{\"type\": \"CWE\", \"lang\": \"en\", \"description\": \"CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)\", \"cweId\": \"CWE-59\"}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.0.9\"}, \"source\": {\"advisory\": \"JSA70596\", \"defect\": [\"1669072\"], \"discovery\": \"EXTERNAL\"}, \"workarounds\": [{\"lang\": \"en\", \"value\": \"Limit console access to the device to only trusted administrators.\"}], \"exploits\": [{\"lang\": \"en\", \"value\": \"Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"The following software releases have been updated to resolve this specific issue: 19.2R3-S7, 19.3R3-S8, 19.4R3-S12, 20.4R3-S7, 21.1R3-S5, 21.2R3-S4, 21.3R3-S3, 21.4R3-S2, 22.1R3-S1, 22.2R2-S1, 22.2R3, 22.3R1-S2, 22.3R2, 22.4R1, and all subsequent releases.\\n\"}]}, \"adp\": [{\"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T13:51:38.970Z\"}, \"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://supportportal.juniper.net/JSA70596\", \"tags\": [\"x_transferred\"]}]}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-28972\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-12T18:59:24.316486Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-26T19:20:36.320Z\"}}]}",
      "cveMetadata": "{\"state\": \"PUBLISHED\", \"cveId\": \"CVE-2023-28972\", \"assignerOrgId\": \"8cbe9d5a-a066-4c94-8978-4b15efeae968\", \"assignerShortName\": \"juniper\", \"dateUpdated\": \"2025-02-26T19:20:42.081Z\", \"dateReserved\": \"2023-03-29T00:00:00.000Z\", \"datePublished\": \"2023-04-17T00:00:00.000Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.