2015-10 Security Bulletin: Junos: Corrupt pam.conf file allows unauthenticated root access (CVE-2015-7751)

Product Affected
Severity: Medium
CVSS Score: 6.7
Affected: Any product or platform running Junos OS

Problem Description: A corrupted pam.conf file may allow root access without a password, increasing the risk of multi-stage attacks.
Additional Risk: Unauthorized modification of pam.conf by administrators can also lead to unauthenticated root access.

Solution
Fixed in: Junos OS versions 12.1X44-D50 and newer, including specific releases and subsequent versions.
Source: Identified during internal product security testing.

Workaround
Recommendation: Use access lists or firewall filters to limit CLI access to trusted hosts only, and limit SSH/telnet access as a best practice.

Severity Assessment
CVSS Details: Available in KB16446 for comprehensive scoring.

Modification History
2015-10-14: Initial publication.
2015-10-15: Removed 'chflags' workaround due to operational issues.

Additional Resources
Documentation on vulnerability scoring and Juniper's security advisories available in KB16446.
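
One way to apply the firewall-filter workaround above, shown as an added example that is not part of the Juniper bulletin: a loopback (lo0) input filter that accepts SSH/telnet to the routing engine only from a trusted management prefix. The names MGMT-TRUSTED and PROTECT-RE, the counter name, and the 192.0.2.0/24 prefix are assumptions for illustration.

```junos
# Added example. Filter, prefix-list and counter names are hypothetical;
# 192.0.2.0/24 is a documentation prefix standing in for the real
# management network.

# Trusted hosts allowed to reach the CLI over the network
set policy-options prefix-list MGMT-TRUSTED 192.0.2.0/24

# Term 1: accept SSH/telnet only when the source is in the trusted list
set firewall family inet filter PROTECT-RE term allow-mgmt from source-prefix-list MGMT-TRUSTED
set firewall family inet filter PROTECT-RE term allow-mgmt from protocol tcp
set firewall family inet filter PROTECT-RE term allow-mgmt from destination-port [ ssh telnet ]
set firewall family inet filter PROTECT-RE term allow-mgmt then accept

# Term 2: count, log and drop SSH/telnet from every other source
set firewall family inet filter PROTECT-RE term deny-mgmt from protocol tcp
set firewall family inet filter PROTECT-RE term deny-mgmt from destination-port [ ssh telnet ]
set firewall family inet filter PROTECT-RE term deny-mgmt then count mgmt-denied
set firewall family inet filter PROTECT-RE term deny-mgmt then syslog
set firewall family inet filter PROTECT-RE term deny-mgmt then discard

# Term 3: leave all other routing-engine traffic (routing protocols,
# SNMP, NTP, ...) untouched; without it the implicit final action of a
# Junos filter discards everything not matched above
set firewall family inet filter PROTECT-RE term everything-else then accept

# Apply to the loopback so the filter covers traffic arriving on any
# interface that is destined to the routing engine
set interfaces lo0 unit 0 family inet filter input PROTECT-RE
```

Activate it with `commit confirmed` from a session inside the trusted prefix so a mistake rolls back automatically instead of locking out management access. The filter covers IPv4 only; a device reachable over IPv6 needs an equivalent `family inet6` filter.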