What is CVE-2018-0044?

CVE-2018-0044 is a critical-severity vulnerability in Juniper Junos, classified under Improper Authentication. CVSS score: 9.8/10. Published 2018-10-10.

How severe is CVE-2018-0044?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Auth bypass in Juniper Junos

CVE-2018-0044

An insecure SSHD configuration in Juniper Device Manager (JDM) and host OS on Juniper NFX Series devices may allow remote unauthenticated access if any of the passwords on the system are empty. The affected SSHD configuration has the Permi…

Vulnerability class: Broken Authentication

EPSS: 0.013 (67.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Juniper Junos
Juniper Nfx150
Juniper Nfx250
Juniper Networks Junos Os — versions 18.1

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

sirt@juniper.net (x_refsource_CONFIRM, Vendor Advisory)
sirt@juniper.net (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)

Frequently asked questions

What is CVE-2018-0044?: CVE-2018-0044 is a critical-severity vulnerability in Juniper Junos, classified under Improper Authentication. CVSS score: 9.8/10. Published 2018-10-10.
How severe is CVE-2018-0044?: Critical severity. CVSS v3 base score is 9.8 out of 10.