- Description
- Juniper ATP ships with hard coded credentials in the Cyphort Core instance which gives an attacker the ability to take full control of any installation of the software. Affected releases are Juniper Networks Juniper ATP: 5.0 versions prior to 5.0.3.
- Source
- sirt@juniper.net
- NVD status
- Modified
CVSS 3.0
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:advanced_threat_prevention:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "54B5A612-9ACC-4A7F-A34F-47B1BDA85A03",
"versionEndExcluding": "5.0.3",
"versionStartIncluding": "5.0.0"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:juniper:atp400:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "0A96949A-031D-4E05-8915-1A6D6BE645E0"
},
{
"criteria": "cpe:2.3:h:juniper:atp700:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "29D8A7A3-2DFB-4752-8509-451247A1D5D1"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]