cve-2020-1624
Vulnerability from cvelistv5
Published
2020-04-08 19:25
Modified
2024-09-17 02:16
Severity ?
EPSS score ?
Summary
Junos OS Evolved: objmon logs may leak sensitive information
References
▼ | URL | Tags | |
---|---|---|---|
sirt@juniper.net | https://kb.juniper.net/JSA11003 | Vendor Advisory |
Impacted products
▼ | Vendor | Product |
---|---|---|
Juniper Networks | Junos OS Evolved |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T06:46:29.739Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kb.juniper.net/JSA11003" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Junos OS Evolved", "vendor": "Juniper Networks", "versions": [ { "lessThan": "19.1R1-EVO", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2020-04-08T00:00:00", "descriptions": [ { "lang": "en", "value": "A local, authenticated user with shell can obtain the hashed values of login passwords and shared secrets via raw objmon configuration files. This issue affects all versions of Junos OS Evolved prior to 19.1R1." } ], "exploits": [ { "lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-532", "description": "CWE-532 Information Exposure Through Log Files", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-04-09T23:09:15", "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kb.juniper.net/JSA11003" } ], "solutions": [ { "lang": "en", "value": "The following software releases have been updated to resolve this specific issue: 19.1R1-EVO, 19.2R2-EVO, and all subsequent releases." } ], "source": { "advisory": "JSA11003", "defect": [ "1406239" ], "discovery": "INTERNAL" }, "title": "Junos OS Evolved: objmon logs may leak sensitive information", "workarounds": [ { "lang": "en", "value": "Limit access to the Junos OS shell to only trusted system administrators with a need for access below the Junos CLI." } ], "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "sirt@juniper.net", "DATE_PUBLIC": "2020-04-08T16:00:00.000Z", "ID": "CVE-2020-1624", "STATE": "PUBLIC", "TITLE": "Junos OS Evolved: objmon logs may leak sensitive information" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Junos OS Evolved", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "19.1R1-EVO" } ] } } ] }, "vendor_name": "Juniper Networks" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A local, authenticated user with shell can obtain the hashed values of login passwords and shared secrets via raw objmon configuration files. This issue affects all versions of Junos OS Evolved prior to 19.1R1." } ] }, "exploit": [ { "lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." } ], "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-532 Information Exposure Through Log Files" } ] } ] }, "references": { "reference_data": [ { "name": "https://kb.juniper.net/JSA11003", "refsource": "CONFIRM", "url": "https://kb.juniper.net/JSA11003" } ] }, "solution": [ { "lang": "en", "value": "The following software releases have been updated to resolve this specific issue: 19.1R1-EVO, 19.2R2-EVO, and all subsequent releases." } ], "source": { "advisory": "JSA11003", "defect": [ "1406239" ], "discovery": "INTERNAL" }, "work_around": [ { "lang": "en", "value": "Limit access to the Junos OS shell to only trusted system administrators with a need for access below the Junos CLI." } ] } } }, "cveMetadata": { "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "cveId": "CVE-2020-1624", "datePublished": "2020-04-08T19:25:57.553464Z", "dateReserved": "2019-11-04T00:00:00", "dateUpdated": "2024-09-17T02:16:29.627Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2020-1624\",\"sourceIdentifier\":\"sirt@juniper.net\",\"published\":\"2020-04-08T20:15:13.840\",\"lastModified\":\"2020-04-10T17:28:37.580\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A local, authenticated user with shell can obtain the hashed values of login passwords and shared secrets via raw objmon configuration files. This issue affects all versions of Junos OS Evolved prior to 19.1R1.\"},{\"lang\":\"es\",\"value\":\"Un usuario local autenticado con shell puede obtener los valores de las contrase\u00f1as de inicio de sesi\u00f3n del hash y los secretos compartidos por medio de archivos de configuraci\u00f3n objmon sin procesar. Este problema afecta a todas las versiones de Junos OS Evolved anteriores a 19.1R1.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6},{\"source\":\"sirt@juniper.net\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:N/A:N\",\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":2.1},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-532\"}]},{\"source\":\"sirt@juniper.net\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-532\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"19.1r1\",\"matchCriteriaId\":\"09FA33C7-BE93-4249-8EC0-4B462DED1507\"}]}]}],\"references\":[{\"url\":\"https://kb.juniper.net/JSA11003\",\"source\":\"sirt@juniper.net\",\"tags\":[\"Vendor Advisory\"]}]}}" } }
Loading...
Loading...
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.