Juniper Junos SRX Integrated User Firewall Hardcoded Credentials (JSA10791)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

According to its self-reported version and configuration, the remote
Juniper Junos device has hardcoded credentials for the Integrated User
Firewall (UserFW) services authentication API. An unauthenticated,
remote attacker can exploit this to gain administrative access to the
device.

See also :

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10791

Solution :

Upgrade to the relevant Junos software release referenced in Juniper
security advisory JSA10791.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: Junos Local Security Checks

Nessus Plugin ID: 102704 ()

Bugtraq ID:

CVE ID: CVE-2017-2343

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now