Juniper Networks Junos OS Origin Validation Error Vulnerability on EX4600 and QFX5000 Series Switches

A vulnerability allowing origin validation errors has been identified in Juniper Networks Junos OS, specifically on EX4600 Series and QFX5000 Series switches. This vulnerability allows an unauthenticated attacker with physical access to the device to create a backdoor, granting complete control over the system. The issue arises when a device is not configured with a root password, enabling an attacker to modify a specific file. The alterations are then silently integrated into the Junos configuration, without visibility to the operator. This covertly added configuration can include users, IP addresses, and other settings that might facilitate unauthorized access to the device. Notably, this backdoor persists across reboots and even after a zeroization process. The compromised file is located in the /etc/config/ directory, and its unexpected modifications can be compared against an unaltered version from the original Juniper software image. To restore the device to a trusted state, a reinstallation from physical media is required.

Impact

Exploitation of this vulnerability allows for unauthorized access and control over the affected system, with changes persisting across reboots and zeroization processes.

Remediation

To address this vulnerability, the device should be reinstalled from physical media. Instructions for performing a recovery installation using a USB emergency boot device are available in the Juniper Support Portal.