Juniper Networks Junos OS FTP Server Authentication Bypass Vulnerability Allowing Unauthorized Read-Write File Access

Vulnerability

A vulnerability in the FTP server of Juniper Networks Junos OS has been identified, allowing an unauthenticated, network-based attacker to bypass authentication and gain limited read-write access to files on the device. This issue arises when the FTP server is enabled and a user named 'ftp' or 'anonymous' is configured. In such cases, the user can log in without providing the correct password and access their home directory. This vulnerability affects all Junos OS versions prior to 22.4R3-S8, as well as 23.2 versions prior to 23.2R2-S3 and 23.4 versions prior to 23.4R2.
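The exposure conditions above (affected release plus FTP enabled plus a user named 'ftp' or 'anonymous') can be checked against a device's version string and its configuration in `set` format. This is an added example, not code from the advisory or from Juniper. The function names and sample configuration are hypothetical and constructed. It assumes versions of the form `22.4R3-S8` and does not account for deactivated statements.

```python
import re

# Fixed releases quoted in the advisory text, keyed by release train -> (R, S).
FIXED = {(22, 4): (3, 8), (23, 2): (2, 3), (23, 4): (2, 0)}
VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?")

def parse_version(text):
    """Split '22.4R3-S8' into train (22, 4) and build (3, 8); no -S means S=0."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognized Junos version: {text!r}")
    major, minor, rel, svc = (int(g) if g else 0 for g in m.groups())
    return (major, minor), (rel, svc)

def version_status(text):
    """Return 'affected', 'fixed', or 'unlisted' per the ranges in the advisory."""
    train, build = parse_version(text)
    if train in FIXED:
        return "affected" if build < FIXED[train] else "fixed"
    if train < (22, 4):
        return "affected"   # "all versions prior to 22.4R3-S8"
    return "unlisted"       # train not named in the advisory text

def config_exposed(set_lines):
    """True when FTP is enabled and a user 'ftp' or 'anonymous' is configured."""
    ftp_on = risky_user = False
    for line in set_lines:
        tok = line.split()
        if tok[:4] == ["set", "system", "services", "ftp"]:
            ftp_on = True
        if tok[:4] == ["set", "system", "login", "user"] and len(tok) > 4:
            risky_user = risky_user or tok[4] in ("ftp", "anonymous")
    return ftp_on and risky_user

def assess(version, set_lines):
    """Combine both preconditions into one verdict string."""
    status = version_status(version)
    if status == "affected" and config_exposed(set_lines):
        return "exposed"
    return "unlisted release" if status == "unlisted" else "not exposed"

# Constructed sample configuration (display-set style), not from a real device.
SAMPLE = [
    "set system host-name lab-r1",
    "set system services ftp",
    "set system login user anonymous class read-only",
]

if __name__ == "__main__":
    for v in ("22.4R3-S7", "23.2R2-S3", "23.4R1-S2"):
        print(v, assess(v, SAMPLE))
```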

Impact

Exploitation of this vulnerability allows for authentication bypass, granting unauthorized users read-write access to files in the home directory of the 'ftp' or 'anonymous' user on the affected device.

Added: Oct 9, 2025, 5:35 PM
Updated: Oct 9, 2025, 5:35 PM

Vulnerability Rating

Custom Algorithm
spread: 6.8
impact: 1.3
exploitability: 7.0
remediation: 7.7
relevance: 0.7
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.