If RSH service is enabled on Junos OS and if the PAM authentication is disabled, a remote unauthenticated attacker can obtain root access to the device. RSH service is disabled by default on Junos. There is no documented CLI command to enable this service. However, an undocumente
If RSH service is enabled on Junos OS and if the PAM authentication is disabled, a remote unauthenticated attacker can obtain root access to the device. RSH service is disabled by default on Junos. There is no documented CLI command to enable this service. However, an undocumented CLI command allows a privileged Junos user to enable RSH service and disable PAM, and hence expose the system to…
| Vendor | Product | Versions |
|---|---|---|
| Juniper Networks | Junos OS | 12.1X46, 12.3X48, 15.1X49 |
| Juniper Networks | Junos OS | 12.3, 15.1, 16.1, 16.2, 17.1, 17.2, 17.2X75, 17.3, 17.4, 18.2X75 |
| Juniper Networks | Junos OS | 14.1X53 |
| Juniper Networks | Junos OS | 15.1X53 |
| Juniper Networks | Junos OS | 15.1X53 |
| Juniper Networks | Junos OS | 15.1X53 |
| Juniper Networks | Junos OS | 15.1X53 |
Not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog. EPSS is the best forward-looking signal — see the EPSS row above.
For the full vendor write-up, exploit chains, and reference implementations, see the references list in section 09.
Open the Sigma generator with a pre-filled prompt for this CVE to draft a starting detection in your stack of choice:
No directly-cited follow-up CVEs in the KB record for this advisory. The references list in section 09 carries the vendor cross-references.