Juniper Networks Support Insights Virtual Lightweight Collector Default Password Vulnerability Allowing Unauthorized High-Privileged Access
Vulnerability
A vulnerability allowing unauthorized high-privileged access has been identified in all versions of Juniper Networks Support Insights (JSI) Virtual Lightweight Collector (vLWC) prior to 3.0.94. The software ships with a default password for a high-privileged account, and the initial setup does not require that password to be changed. As a result, an unauthenticated, network-based attacker could gain full control of the device.
Impact
Exploitation of this vulnerability allows for unauthorized access to the device with high privileges, enabling full control over the system.
Remediation
Users can change the default password in the setup menu of the device. Instructions for configuring network settings through the JSI shell are available on the Juniper Networks documentation site. Additionally, updating to vLWC version 3.0.94 or later will resolve this vulnerability.
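To track this remediation across several collectors, the following added example (not Juniper code, and not part of the original advisory) classifies an inventory against the fixed release 3.0.94. The CSV layout, hostnames and the password_rotated column are assumptions; the inventory is constructed sample data. Versions are compared numerically because a plain string comparison would rank 3.0.100 below 3.0.94.

```python
import csv
import io

FIXED = (3, 0, 94)  # first fixed vLWC release, per the advisory

# Constructed sample inventory. Hostnames, column names and the
# password_rotated field are assumptions made for this example.
SAMPLE_INVENTORY = """\
hostname,vlwc_version,password_rotated
vlwc-lab-01,3.0.93,no
vlwc-lab-02,3.0.94,yes
vlwc-lab-03,3.0.100,no
vlwc-lab-04,2.9.120,yes
vlwc-lab-05,unknown,no
"""


def parse_version(text):
    """Return the version as a tuple of ints, or None if it is not dotted-numeric."""
    parts = text.strip().split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def assess(row):
    """Classify one inventory row against the advisory's two remediations."""
    version = parse_version(row["vlwc_version"])
    rotated = row["password_rotated"].strip().lower() == "yes"
    if version is None:
        return "unknown-version"      # cannot decide, needs manual review
    if version >= FIXED:
        return "fixed"                # running 3.0.94 or later
    # Pre-3.0.94: only the password change stands between the device
    # and the default credential.
    return "workaround-applied" if rotated else "exposed"


def audit(inventory_csv):
    """Map each hostname in the CSV text to its status."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {row["hostname"]: assess(row) for row in reader}


if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Rows reported as exposed or unknown-version are the ones to handle first: change the default password in the setup menu, then schedule the upgrade.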
