CVE-2025-59957

Опубликовано: 09 окт. 2025

Источник: nvd

CVSS3: 6.8

EPSS Низкий

Описание

When a device isn't configured with a root password, an attacker can modify a specific file. It's contents will be added to the Junos configuration of the device without being visible. This allows for the addition of any configuration unknown

to the actual operator, which includes users, IP addresses and other configuration which could allow unauthorized access to the device. This exploit is persistent across reboots and even zeroization.

The indicator of compromise is a modified /etc/config/-defaults[-flex].conf file. Review that file for unexpected configuration statements, or compare it to an unmodified version which can be extracted from the original Juniper software image file. For details on

Ссылки

https://support.juniper.net/support/requesting-support/
Vendor Advisory
https://supportportal.juniper.net/JSA103146
Vendor Advisory
https://supportportal.juniper.net/s/article/EX-QFX-Procedure-to-format-install-QFX5K-device-using-a-USB
Technical Description

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*

Версия до 21.4 (исключая)

cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:21.4:r1-s2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:21.4:r2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:21.4:r2-s1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:21.4:r2-s2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:22.2:-:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:22.2:r1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:22.2:r1-s1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:22.2:r1-s2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:22.2:r2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:22.2:r2-s1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:22.2:r2-s2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:22.2:r3:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:22.2:r3-s1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:22.2:r3-s2:*:*:*:*:*:*

Одно из

cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*

cpe:2.3:h:juniper:ex4650:-:*:*:*:*:*:*:*

cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*

cpe:2.3:h:juniper:qfx5120:-:*:*:*:*:*:*:*

cpe:2.3:h:juniper:qfx5130:-:*:*:*:*:*:*:*

cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*

cpe:2.3:h:juniper:qfx5210:-:*:*:*:*:*:*:*

cpe:2.3:h:juniper:qfx5220:-:*:*:*:*:*:*:*

cpe:2.3:h:juniper:qfx5230-64cd:-:*:*:*:*:*:*:*

cpe:2.3:h:juniper:qfx5240:-:*:*:*:*:*:*:*

cpe:2.3:h:juniper:qfx5241:-:*:*:*:*:*:*:*

cpe:2.3:h:juniper:qfx5700:-:*:*:*:*:*:*:*

EPSS

Процентиль: 1%

0.00012

Низкий

6.8 Medium

CVSS3

Дефекты

CWE-346

Связанные уязвимости

GHSA-f6j3-wrc2-m228

CVSS3: 6.8

github

4 месяца назад

An Origin Validation Error vulnerability in an insufficient protected file of Juniper Networks Junos OS on EX4600 Series and QFX5000 Series allows an unauthenticated attacker with physical access to the device to create a backdoor which allows complete control of the system. When a device isn't configured with a root password, an attacker can modify a specific file. It's contents will be added to the Junos configuration of the device without being visible. This allows for the addition of any configuration unknown to the actual operator, which includes users, IP addresses and other configuration which could allow unauthorized access to the device. This exploit is persistent across reboots and even zeroization. The indicator of compromise is a modified /etc/config/<platform>-defaults[-flex].conf file. Review that file for unexpected configuration statements, or compare it to an unmodified version which can be extracted from the original Juniper software image file. For details ...

EPSS

Процентиль: 1%

0.00012

Низкий

6.8 Medium

CVSS3

Дефекты

CWE-346