What is CVE-2023-28972?

CVE-2023-28972 is a medium-severity vulnerability in Juniper Junos, classified under Improper Link Resolution Before File Access. CVSS score: 6.8/10. Published 2023-04-17.

How severe is CVE-2023-28972?

Medium severity. CVSS v3 base score is 6.8 out of 10.

Vulnerability in Juniper Junos

CVE-2023-28972

An Improper Link Resolution Before File Access vulnerability in console port access of Juniper Networks Junos OS on NFX Series allows an attacker to bypass console access controls. When "set system ports console insecure" is enabled, root…

EPSS: 0.004 (27.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.8 (Medium). Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Juniper Junos — versions 19.2, 19.3, 19.4
Juniper Nfx150
Juniper Nfx250
Juniper Nfx350
Juniper Networks Junos Os — versions 19.2, 19.3, 19.4

Weakness classification (CWE)

CWE-59 — Improper Link Resolution Before File Access

References

sirt@juniper.net (Vendor Advisory)

Frequently asked questions

What is CVE-2023-28972?: CVE-2023-28972 is a medium-severity vulnerability in Juniper Junos, classified under Improper Link Resolution Before File Access. CVSS score: 6.8/10. Published 2023-04-17.
How severe is CVE-2023-28972?: Medium severity. CVSS v3 base score is 6.8 out of 10.