Juniper has released a security update that fixes an insecure sshd configuration in Juniper Device Manager (JDM) and host OS (CVE-2018-0044).
This issue affects Junos OS 18.1 on NFX platforms.
According to the Juniper security bulletin:
“An insecure SSHD configuration in Juniper Device Manager (JDM) and host OS on Juniper NFX Series devices may allow remote unauthenticated access if any of the passwords on the system are empty. he affected SSHD configuration has the PermitEmptyPasswords option set to ‘yes’.”
Juniper also stated that the issue is only exploitable when there are user or system accounts that use blank or empty passwords configured on JDM or host OS.