Approved changes feed: RSS · Atom
cpe:2.3:a:juniper_networks:jsi_lwc:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Juniper Networks (75c1b4ad-b137-51c1-bf9a-3bc90c5e98be) |
|---|---|
| Product | Jsi Lwc (c08e3e87-e7ac-54c0-8ccd-58846a914c69) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-33784 |
vulnerable | 2026-06-03 15:20:45.623925 |
JSI Virtual Lightweight Collector: Default password is not required to be changed which allows unauthorized high-privileged access
CRITICAL (9.8)
A Use of Default Password vulnerability in the Juniper Networks
Support Insights (JSI)
Virtual Lightweight Collector (vLWC) allows an unauthenticated, network-based attacker to take full control of the device.
vLWC software images ship with an initial password for a high privileged account. A change of this password is not enforced during the provisioning of the software, which can make full access to the system by unauthorized actors possible.This issue affects all versions of vLWC before 3.0.94.
Published: 2026-04-09T21:36:37.519Z
Updated: 2026-04-13T18:06:19.017Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-21915 |
vulnerable | 2026-06-03 15:15:52.161916 |
JSI Virtual Lightweight Collector: Shell escape allows privilege escalation to root
MEDIUM (6.7)
A Permissive List of Allowed Input vulnerability in the CLI of Juniper Networks Support Insights (JSI) Virtual Lightweight Collector (vLWC) allows a local, high privileged attacker to escalate their privileges to root.
The CLI menu accepts input without carefully validating it, which allows for shell command injection. These shell commands are executed with root permissions and can be used to gain complete control of the system.
This issue affects all JSI vLWC versions before 3.0.94.
Published: 2026-04-09T21:26:28.357Z
Updated: 2026-04-13T13:04:16.101Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.