Juniper Networks Junos OS and Junos OS Evolved RADIUS Client Password Aging Vulnerability

Vulnerability

A vulnerability in the RADIUS client of Juniper Networks Junos OS and Junos OS Evolved allows an authenticated, network-based attacker to access a device without the mandatory password change being enforced. The issue affects devices that permit logins from users whose passwords have expired, as indicated by a RADIUS server rejection. Because the policy requiring a password update is not applied, a user can log in with a correct but expired password. Multiple versions of both Junos OS and Junos OS Evolved are affected.

Impact

Exploitation of this vulnerability allows authenticated users to bypass password expiration policies, gaining unauthorized access to the device with expired passwords.

Added: Oct 9, 2025, 5:19 PM
Updated: Oct 9, 2025, 5:19 PM

Vulnerability Rating

Custom Algorithm
spread: 6.8
impact: 0.0
exploitability: 4.9
remediation: 7.7
relevance: 0.6
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.