CVE-2023-28972: Junos OS: NFX Series: 'set system ports console insecure' allows root password recovery
First published: Mon Apr 17 2023(Updated: )
An Improper Link Resolution Before File Access vulnerability in console port access of Juniper Networks Junos OS on NFX Series allows an attacker to bypass console access controls. When "set system ports console insecure" is enabled, root login is disallowed for Junos OS as expected. However, the root password can be changed using "set system root-authentication plain-text-password" on NFX Series systems, leading to a possible administrative bypass with physical access to the console. Password recovery, changing the root password from a console, should not have been allowed from an insecure console. This is similar to the vulnerability described in CVE-2019-0035 but affects different platforms and in turn requires a different fix. This issue affects Juniper Networks Junos OS on NFX Series: 19.2 versions prior to 19.2R3-S7; 19.3 versions prior to 19.3R3-S8; 19.4 versions prior to 19.4R3-S12; 20.2 versions prior to 20.2R3-S8; 20.4 versions prior to 20.4R3-S7; 21.1 versions prior to 21.1R3-S5; 21.2 versions prior to 21.2R3-S4; 21.3 versions prior to 21.3R3-S3; 21.4 versions prior to 21.4R3-S2; 22.1 versions prior to 22.1R3-S1; 22.2 versions prior to 22.2R2-S1, 22.2R3; 22.3 versions prior to 22.3R1-S2, 22.3R2.
Credit: sirt@juniper.net
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Juniper JUNOS | =19.2 | |
| Juniper JUNOS | =19.2-r1 | |
| Juniper JUNOS | =19.2-r1-s1 | |
| Juniper JUNOS | =19.2-r1-s2 | |
| Juniper JUNOS | =19.2-r1-s3 | |
| Juniper JUNOS | =19.2-r1-s4 | |
| Juniper JUNOS | =19.2-r1-s5 | |
| Juniper JUNOS | =19.2-r1-s6 | |
| Juniper JUNOS | =19.2-r1-s7 | |
| Juniper JUNOS | =19.2-r1-s8 | |
| Juniper JUNOS | =19.2-r1-s9 | |
| Juniper JUNOS | =19.2-r2 | |
| Juniper JUNOS | =19.2-r2-s1 | |
| Juniper JUNOS | =19.2-r3 | |
| Juniper JUNOS | =19.2-r3-s1 | |
| Juniper JUNOS | =19.2-r3-s2 | |
| Juniper JUNOS | =19.2-r3-s3 | |
| Juniper JUNOS | =19.2-r3-s4 | |
| Juniper JUNOS | =19.2-r3-s5 | |
| Juniper JUNOS | =19.2-r3-s6 | |
| Juniper JUNOS | =19.3 | |
| Juniper JUNOS | =19.3-r1 | |
| Juniper JUNOS | =19.3-r1-s1 | |
| Juniper JUNOS | =19.3-r2 | |
| Juniper JUNOS | =19.3-r2-s1 | |
| Juniper JUNOS | =19.3-r2-s2 | |
| Juniper JUNOS | =19.3-r2-s3 | |
| Juniper JUNOS | =19.3-r2-s4 | |
| Juniper JUNOS | =19.3-r2-s5 | |
| Juniper JUNOS | =19.3-r2-s6 | |
| Juniper JUNOS | =19.3-r2-s7 | |
| Juniper JUNOS | =19.3-r3 | |
| Juniper JUNOS | =19.3-r3-s1 | |
| Juniper JUNOS | =19.3-r3-s2 | |
| Juniper JUNOS | =19.3-r3-s3 | |
| Juniper JUNOS | =19.3-r3-s4 | |
| Juniper JUNOS | =19.3-r3-s5 | |
| Juniper JUNOS | =19.3-r3-s6 | |
| Juniper JUNOS | =19.3-r3-s7 | |
| Juniper JUNOS | =19.4 | |
| Juniper JUNOS | =19.4-r1 | |
| Juniper JUNOS | =19.4-r1-s1 | |
| Juniper JUNOS | =19.4-r1-s2 | |
| Juniper JUNOS | =19.4-r1-s3 | |
| Juniper JUNOS | =19.4-r1-s4 | |
| Juniper JUNOS | =19.4-r2 | |
| Juniper JUNOS | =19.4-r2-s1 | |
| Juniper JUNOS | =19.4-r2-s2 | |
| Juniper JUNOS | =19.4-r2-s3 | |
| Juniper JUNOS | =19.4-r2-s4 | |
| Juniper JUNOS | =19.4-r2-s5 | |
| Juniper JUNOS | =19.4-r2-s6 | |
| Juniper JUNOS | =19.4-r2-s7 | |
| Juniper JUNOS | =19.4-r3 | |
| Juniper JUNOS | =19.4-r3-s1 | |
| Juniper JUNOS | =19.4-r3-s10 | |
| Juniper JUNOS | =19.4-r3-s11 | |
| Juniper JUNOS | =19.4-r3-s2 | |
| Juniper JUNOS | =19.4-r3-s3 | |
| Juniper JUNOS | =19.4-r3-s4 | |
| Juniper JUNOS | =19.4-r3-s5 | |
| Juniper JUNOS | =19.4-r3-s6 | |
| Juniper JUNOS | =19.4-r3-s7 | |
| Juniper JUNOS | =19.4-r3-s8 | |
| Juniper JUNOS | =19.4-r3-s9 | |
| Juniper JUNOS | =20.2 | |
| Juniper JUNOS | =20.2-r1 | |
| Juniper JUNOS | =20.2-r1-s1 | |
| Juniper JUNOS | =20.2-r1-s2 | |
| Juniper JUNOS | =20.2-r1-s3 | |
| Juniper JUNOS | =20.2-r2 | |
| Juniper JUNOS | =20.2-r2-s1 | |
| Juniper JUNOS | =20.2-r2-s2 | |
| Juniper JUNOS | =20.2-r2-s3 | |
| Juniper JUNOS | =20.2-r3 | |
| Juniper JUNOS | =20.2-r3-s1 | |
| Juniper JUNOS | =20.2-r3-s2 | |
| Juniper JUNOS | =20.2-r3-s3 | |
| Juniper JUNOS | =20.2-r3-s4 | |
| Juniper JUNOS | =20.2-r3-s5 | |
| Juniper JUNOS | =20.2-r3-s6 | |
| Juniper JUNOS | =20.2-r3-s7 | |
| Juniper JUNOS | =20.4 | |
| Juniper JUNOS | =20.4-r1 | |
| Juniper JUNOS | =20.4-r1-s1 | |
| Juniper JUNOS | =20.4-r2 | |
| Juniper JUNOS | =20.4-r2-s1 | |
| Juniper JUNOS | =20.4-r2-s2 | |
| Juniper JUNOS | =20.4-r3 | |
| Juniper JUNOS | =20.4-r3-s1 | |
| Juniper JUNOS | =20.4-r3-s2 | |
| Juniper JUNOS | =20.4-r3-s3 | |
| Juniper JUNOS | =20.4-r3-s4 | |
| Juniper JUNOS | =20.4-r3-s5 | |
| Juniper JUNOS | =20.4-r3-s6 | |
| Juniper JUNOS | =21.1 | |
| Juniper JUNOS | =21.1-r1 | |
| Juniper JUNOS | =21.1-r1-s1 | |
| Juniper JUNOS | =21.1-r2 | |
| Juniper JUNOS | =21.1-r2-s1 | |
| Juniper JUNOS | =21.1-r2-s2 | |
| Juniper JUNOS | =21.1-r3 | |
| Juniper JUNOS | =21.1-r3-s1 | |
| Juniper JUNOS | =21.1-r3-s2 | |
| Juniper JUNOS | =21.1-r3-s3 | |
| Juniper JUNOS | =21.1-r3-s4 | |
| Juniper JUNOS | =21.2 | |
| Juniper JUNOS | =21.2-r1 | |
| Juniper JUNOS | =21.2-r1-s1 | |
| Juniper JUNOS | =21.2-r1-s2 | |
| Juniper JUNOS | =21.2-r2 | |
| Juniper JUNOS | =21.2-r2-s1 | |
| Juniper JUNOS | =21.2-r2-s2 | |
| Juniper JUNOS | =21.2-r3 | |
| Juniper JUNOS | =21.2-r3-s1 | |
| Juniper JUNOS | =21.2-r3-s2 | |
| Juniper JUNOS | =21.2-r3-s3 | |
| Juniper JUNOS | =21.3 | |
| Juniper JUNOS | =21.3-r1 | |
| Juniper JUNOS | =21.3-r1-s1 | |
| Juniper JUNOS | =21.3-r1-s2 | |
| Juniper JUNOS | =21.3-r2 | |
| Juniper JUNOS | =21.3-r2-s1 | |
| Juniper JUNOS | =21.3-r2-s2 | |
| Juniper JUNOS | =21.3-r3 | |
| Juniper JUNOS | =21.3-r3-s1 | |
| Juniper JUNOS | =21.3-r3-s2 | |
| Juniper JUNOS | =21.4 | |
| Juniper JUNOS | =21.4-r1 | |
| Juniper JUNOS | =21.4-r1-s1 | |
| Juniper JUNOS | =21.4-r1-s2 | |
| Juniper JUNOS | =21.4-r2 | |
| Juniper JUNOS | =21.4-r2-s1 | |
| Juniper JUNOS | =21.4-r2-s2 | |
| Juniper JUNOS | =21.4-r3 | |
| Juniper JUNOS | =21.4-r3-s1 | |
| Juniper JUNOS | =22.1-r1 | |
| Juniper JUNOS | =22.1-r1-s1 | |
| Juniper JUNOS | =22.1-r1-s2 | |
| Juniper JUNOS | =22.1-r2 | |
| Juniper JUNOS | =22.1-r2-s1 | |
| Juniper JUNOS | =22.1-r2-s2 | |
| Juniper JUNOS | =22.1-r3 | |
| Juniper JUNOS | =22.2-r1 | |
| Juniper JUNOS | =22.2-r1-s1 | |
| Juniper JUNOS | =22.2-r1-s2 | |
| Juniper JUNOS | =22.2-r2 | |
| Juniper JUNOS | =22.3-r1 | |
| Juniper JUNOS | =22.3-r1-s1 | |
| Juniper Nfx150 | ||
| Juniper Nfx250 | ||
| Juniper Nfx350 |
Remedy
The following software releases have been updated to resolve this specific issue: 19.2R3-S7, 19.3R3-S8, 19.4R3-S12, 20.4R3-S7, 21.1R3-S5, 21.2R3-S4, 21.3R3-S3, 21.4R3-S2, 22.1R3-S1, 22.2R2-S1, 22.2R3, 22.3R1-S2, 22.3R2, 22.4R1, and all subsequent releases.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/references
- agent/severity
- agent/weakness
- agent/title
- agent/last-modified-date
- agent/author
- agent/tags
- agent/event
- agent/description
- agent/first-publish-date
- vendor/juniper
- canonical/juniper junos
- version/juniper junos/19.2
- version/juniper junos/19.2-r1
- version/juniper junos/19.2-r1-s1
- version/juniper junos/19.2-r1-s2
- version/juniper junos/19.2-r1-s3
- version/juniper junos/19.2-r1-s4
- version/juniper junos/19.2-r1-s5
- version/juniper junos/19.2-r1-s6
- version/juniper junos/19.2-r1-s7
- version/juniper junos/19.2-r1-s8
- version/juniper junos/19.2-r1-s9
- version/juniper junos/19.2-r2
- version/juniper junos/19.2-r2-s1
- version/juniper junos/19.2-r3
- version/juniper junos/19.2-r3-s1
- version/juniper junos/19.2-r3-s2
- version/juniper junos/19.2-r3-s3
- version/juniper junos/19.2-r3-s4
- version/juniper junos/19.2-r3-s5
- version/juniper junos/19.2-r3-s6
- version/juniper junos/19.3
- version/juniper junos/19.3-r1
- version/juniper junos/19.3-r1-s1
- version/juniper junos/19.3-r2
- version/juniper junos/19.3-r2-s1
- version/juniper junos/19.3-r2-s2
- version/juniper junos/19.3-r2-s3
- version/juniper junos/19.3-r2-s4
- version/juniper junos/19.3-r2-s5
- version/juniper junos/19.3-r2-s6
- version/juniper junos/19.3-r2-s7
- version/juniper junos/19.3-r3
- version/juniper junos/19.3-r3-s1
- version/juniper junos/19.3-r3-s2
- version/juniper junos/19.3-r3-s3
- version/juniper junos/19.3-r3-s4
- version/juniper junos/19.3-r3-s5
- version/juniper junos/19.3-r3-s6
- version/juniper junos/19.3-r3-s7
- version/juniper junos/19.4
- version/juniper junos/19.4-r1
- version/juniper junos/19.4-r1-s1
- version/juniper junos/19.4-r1-s2
- version/juniper junos/19.4-r1-s3
- version/juniper junos/19.4-r1-s4
- version/juniper junos/19.4-r2
- version/juniper junos/19.4-r2-s1
- version/juniper junos/19.4-r2-s2
- version/juniper junos/19.4-r2-s3
- version/juniper junos/19.4-r2-s4
- version/juniper junos/19.4-r2-s5
- version/juniper junos/19.4-r2-s6
- version/juniper junos/19.4-r2-s7
- version/juniper junos/19.4-r3
- version/juniper junos/19.4-r3-s1
- version/juniper junos/19.4-r3-s10
- version/juniper junos/19.4-r3-s11
- version/juniper junos/19.4-r3-s2
- version/juniper junos/19.4-r3-s3
- version/juniper junos/19.4-r3-s4
- version/juniper junos/19.4-r3-s5
- version/juniper junos/19.4-r3-s6
- version/juniper junos/19.4-r3-s7
- version/juniper junos/19.4-r3-s8
- version/juniper junos/19.4-r3-s9
- version/juniper junos/20.2
- version/juniper junos/20.2-r1
- version/juniper junos/20.2-r1-s1
- version/juniper junos/20.2-r1-s2
- version/juniper junos/20.2-r1-s3
- version/juniper junos/20.2-r2
- version/juniper junos/20.2-r2-s1
- version/juniper junos/20.2-r2-s2
- version/juniper junos/20.2-r2-s3
- version/juniper junos/20.2-r3
- version/juniper junos/20.2-r3-s1
- version/juniper junos/20.2-r3-s2
- version/juniper junos/20.2-r3-s3
- version/juniper junos/20.2-r3-s4
- version/juniper junos/20.2-r3-s5
- version/juniper junos/20.2-r3-s6
- version/juniper junos/20.2-r3-s7
- version/juniper junos/20.4
- version/juniper junos/20.4-r1
- version/juniper junos/20.4-r1-s1
- version/juniper junos/20.4-r2
- version/juniper junos/20.4-r2-s1
- version/juniper junos/20.4-r2-s2
- version/juniper junos/20.4-r3
- version/juniper junos/20.4-r3-s1
- version/juniper junos/20.4-r3-s2
- version/juniper junos/20.4-r3-s3
- version/juniper junos/20.4-r3-s4
- version/juniper junos/20.4-r3-s5
- version/juniper junos/20.4-r3-s6
- version/juniper junos/21.1
- version/juniper junos/21.1-r1
- version/juniper junos/21.1-r1-s1
- version/juniper junos/21.1-r2
- version/juniper junos/21.1-r2-s1
- version/juniper junos/21.1-r2-s2
- version/juniper junos/21.1-r3
- version/juniper junos/21.1-r3-s1
- version/juniper junos/21.1-r3-s2
- version/juniper junos/21.1-r3-s3
- version/juniper junos/21.1-r3-s4
- version/juniper junos/21.2
- version/juniper junos/21.2-r1
- version/juniper junos/21.2-r1-s1
- version/juniper junos/21.2-r1-s2
- version/juniper junos/21.2-r2
- version/juniper junos/21.2-r2-s1
- version/juniper junos/21.2-r2-s2
- version/juniper junos/21.2-r3
- version/juniper junos/21.2-r3-s1
- version/juniper junos/21.2-r3-s2
- version/juniper junos/21.2-r3-s3
- version/juniper junos/21.3
- version/juniper junos/21.3-r1
- version/juniper junos/21.3-r1-s1
- version/juniper junos/21.3-r1-s2
- version/juniper junos/21.3-r2
- version/juniper junos/21.3-r2-s1
- version/juniper junos/21.3-r2-s2
- version/juniper junos/21.3-r3
- version/juniper junos/21.3-r3-s1
- version/juniper junos/21.3-r3-s2
- version/juniper junos/21.4
- version/juniper junos/21.4-r1
- version/juniper junos/21.4-r1-s1
- version/juniper junos/21.4-r1-s2
- version/juniper junos/21.4-r2
- version/juniper junos/21.4-r2-s1
- version/juniper junos/21.4-r2-s2
- version/juniper junos/21.4-r3
- version/juniper junos/21.4-r3-s1
- version/juniper junos/22.1-r1
- version/juniper junos/22.1-r1-s1
- version/juniper junos/22.1-r1-s2
- version/juniper junos/22.1-r2
- version/juniper junos/22.1-r2-s1
- version/juniper junos/22.1-r2-s2
- version/juniper junos/22.1-r3
- version/juniper junos/22.2-r1
- version/juniper junos/22.2-r1-s1
- version/juniper junos/22.2-r1-s2
- version/juniper junos/22.2-r2
- version/juniper junos/22.3-r1
- version/juniper junos/22.3-r1-s1
- canonical/juniper nfx150
- canonical/juniper nfx250
- canonical/juniper nfx350