CVE-2026-33784
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A Use of Default Password vulnerability in the Juniper Networks
Support Insights (JSI)
Virtual Lightweight Collector (vLWC) allows an unauthenticated, network-based attacker to take full control of the device.
vLWC software images ship with an initial password for a high privileged account. A change of this password is not enforced during the provisioning of the software, which can make full access to the system by unauthorized actors possible.This issue affects all versions of vLWC before 3.0.94.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Juniper Networks | JSI LWC | 0 < 3.0.94 | affected |
Weaknesses
- CWE-1393: CWE-1393 Use of Default Password
Workarounds
The password can be changed in the setup menu of the device, which is described at Configure Network Settings through JSI Shell | Juniper Support Insights | Juniper Networks https://www.juniper.net/documentation/us/en/software/jsi/vlwc-deploy/topics/topic-map/configure-settings-jsi-shell.html
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.