Juniper Junos SRX Series Upgrade Handling Local Root Authentication Bypass (JSA10753)
High Nessus Plugin ID 92521
SynopsisThe remote device is missing a vendor-supplied security patch.
DescriptionAccording to its self-reported version number, the remote Juniper Junos device is affected by a security bypass vulnerability due to a flaw that is triggered when using the partition option during an upgrade. A local attacker can exploit this to bypass authentication checks and access the root account with a blank password.
SolutionUpgrade to the relevant Junos software release referenced in Juniper advisory JSA10753.