Lucene search
HistoryJan 15, 2020 - 9:15 a.m.
CVE-2020-1606
juniper
networks
junos os
path traversal
vulnerability
cve-2020-1606
nvd
security
issue
authenticated user
file permissions
system files
version affected
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
7.8 High
AI Score
Confidence
High
6.5 Medium
CVSS2
Access Vector
Access Complexity
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
39.6%
A path traversal vulnerability in the Juniper Networks Junos OS device may allow an authenticated J-web user to read files with ‘world’ readable permission and delete files with ‘world’ writeable permission. This issue does not affect system files that can be accessed only by root user. This issue affects Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S13; 12.3X48 versions prior to 12.3X48-D85 on SRX Series; 14.1X53 versions prior to 14.1X53-D51; 15.1F6 versions prior to 15.1F6-S13; 15.1 versions prior to 15.1R7-S5; 15.1X49 versions prior to 15.1X49-D180 on SRX Series; 15.1X53 versions prior to 15.1X53-D238 on QFX5200/QFX5110 Series; 16.1 versions prior to 16.1R4-S13, 16.1R7-S5; 16.2 versions prior to 16.2R2-S10; 17.1 versions prior to 17.1R3-S1; 17.2 versions prior to 17.2R1-S9, 17.2R3-S2; 17.3 versions prior to 17.3R2-S5, 17.3R3-S5; 17.4 versions prior to 17.4R2-S9, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R2-S3, 18.3R3; 18.4 versions prior to 18.4R2; 19.1 versions prior to 19.1R1-S4, 19.1R2.
Affected configurations
Node
juniperjunosMatch12.3-
ORjuniperjunosMatch12.3r1
ORjuniperjunosMatch12.3r10-s1
ORjuniperjunosMatch12.3r10-s2
ORjuniperjunosMatch12.3r11
ORjuniperjunosMatch12.3r12
ORjuniperjunosMatch12.3r12-s1
ORjuniperjunosMatch12.3r12-s10
ORjuniperjunosMatch12.3r12-s11
ORjuniperjunosMatch12.3r12-s12
ORjuniperjunosMatch12.3r12-s3
ORjuniperjunosMatch12.3r12-s4
ORjuniperjunosMatch12.3r12-s6
ORjuniperjunosMatch12.3r12-s8
ORjuniperjunosMatch12.3r13
ORjuniperjunosMatch12.3r2
ORjuniperjunosMatch12.3r3
ORjuniperjunosMatch12.3r4
ORjuniperjunosMatch12.3r5
ORjuniperjunosMatch12.3r6
ORjuniperjunosMatch12.3r7
ORjuniperjunosMatch12.3r8
ORjuniperjunosMatch12.3r9
ORjuniperjunosMatch14.1x53-
ORjuniperjunosMatch14.1x53d10
ORjuniperjunosMatch14.1x53d15
ORjuniperjunosMatch14.1x53d16
ORjuniperjunosMatch14.1x53d25
ORjuniperjunosMatch14.1x53d26
ORjuniperjunosMatch14.1x53d27
ORjuniperjunosMatch14.1x53d30
ORjuniperjunosMatch14.1x53d35
ORjuniperjunosMatch14.1x53d40
ORjuniperjunosMatch14.1x53d45
ORjuniperjunosMatch14.1x53d48
ORjuniperjunosMatch14.1x53d49
ORjuniperjunosMatch15.1f6
ORjuniperjunosMatch15.1f6-s12
ORjuniperjunosMatch15.1f6-s3
ORjuniperjunosMatch15.1f6-s8
ORjuniperjunosMatch15.1r7-s1
ORjuniperjunosMatch15.1r7-s2
ORjuniperjunosMatch15.1r7-s3
ORjuniperjunosMatch15.1r7-s4
ORjuniperjunosMatch16.1-
ORjuniperjunosMatch16.1r1
ORjuniperjunosMatch16.1r2
ORjuniperjunosMatch16.1r3
ORjuniperjunosMatch16.1r3-s10
ORjuniperjunosMatch16.1r4
ORjuniperjunosMatch16.1r4-s3
ORjuniperjunosMatch16.1r4-s6
ORjuniperjunosMatch16.1r4-s9
ORjuniperjunosMatch16.1r5-s4
ORjuniperjunosMatch16.1r6-s1
ORjuniperjunosMatch16.1r7
ORjuniperjunosMatch16.1r7-s2
ORjuniperjunosMatch16.1r7-s3
ORjuniperjunosMatch16.1r7-s4
ORjuniperjunosMatch16.2-
ORjuniperjunosMatch16.2r1
ORjuniperjunosMatch16.2r2
ORjuniperjunosMatch16.2r2-s1
ORjuniperjunosMatch16.2r2-s2
ORjuniperjunosMatch16.2r2-s5
ORjuniperjunosMatch16.2r2-s6
ORjuniperjunosMatch16.2r2-s7
ORjuniperjunosMatch16.2r2-s8
ORjuniperjunosMatch16.2r2-s9
ORjuniperjunosMatch17.1-
ORjuniperjunosMatch17.1r1
ORjuniperjunosMatch17.1r2-s1
ORjuniperjunosMatch17.1r2-s10
ORjuniperjunosMatch17.1r2-s2
ORjuniperjunosMatch17.1r2-s3
ORjuniperjunosMatch17.1r2-s4
ORjuniperjunosMatch17.1r2-s5
ORjuniperjunosMatch17.1r2-s6
ORjuniperjunosMatch17.1r2-s7
ORjuniperjunosMatch17.1r2-s9
ORjuniperjunosMatch17.1r3
ORjuniperjunosMatch17.2-
ORjuniperjunosMatch17.2r1-s2
ORjuniperjunosMatch17.2r1-s4
ORjuniperjunosMatch17.2r1-s7
ORjuniperjunosMatch17.2r1-s8
ORjuniperjunosMatch17.2r2-s6
ORjuniperjunosMatch17.2r2-s7
ORjuniperjunosMatch17.2r3
ORjuniperjunosMatch17.2r3-s1
ORjuniperjunosMatch17.4-
ORjuniperjunosMatch17.4r1
ORjuniperjunosMatch17.4r1-s1
ORjuniperjunosMatch17.4r1-s2
ORjuniperjunosMatch17.4r1-s4
ORjuniperjunosMatch17.4r1-s6
ORjuniperjunosMatch17.4r1-s7
ORjuniperjunosMatch17.4r2
ORjuniperjunosMatch17.4r2-s1
ORjuniperjunosMatch17.4r2-s2
ORjuniperjunosMatch17.4r2-s3
ORjuniperjunosMatch17.4r2-s4
ORjuniperjunosMatch17.4r2-s5
ORjuniperjunosMatch17.4r2-s6
ORjuniperjunosMatch17.4r2-s7
ORjuniperjunosMatch17.4r2-s8
ORjuniperjunosMatch18.1-
ORjuniperjunosMatch18.1r2
ORjuniperjunosMatch18.1r2-s1
ORjuniperjunosMatch18.1r2-s2
ORjuniperjunosMatch18.1r2-s4
ORjuniperjunosMatch18.1r3
ORjuniperjunosMatch18.1r3-s1
ORjuniperjunosMatch18.1r3-s2
ORjuniperjunosMatch18.1r3-s3
ORjuniperjunosMatch18.1r3-s4
ORjuniperjunosMatch18.1r3-s5
ORjuniperjunosMatch18.1r3-s6
ORjuniperjunosMatch18.1r3-s7
ORjuniperjunosMatch18.2-
ORjuniperjunosMatch18.2r1-s5
ORjuniperjunosMatch18.2r2-s1
ORjuniperjunosMatch18.2r2-s2
ORjuniperjunosMatch18.2r2-s3
ORjuniperjunosMatch18.2r2-s4
ORjuniperjunosMatch18.3-
ORjuniperjunosMatch18.3r1
ORjuniperjunosMatch18.3r1-s1
ORjuniperjunosMatch18.3r1-s2
ORjuniperjunosMatch18.3r1-s3
ORjuniperjunosMatch18.3r2
ORjuniperjunosMatch18.3r2-s1
ORjuniperjunosMatch18.3r2-s2
ORjuniperjunosMatch18.4-
ORjuniperjunosMatch18.4r1
ORjuniperjunosMatch18.4r1-s1
ORjuniperjunosMatch18.4r1-s2
ORjuniperjunosMatch19.1r1
ORjuniperjunosMatch19.1r1-s1
ORjuniperjunosMatch19.1r1-s3
Node
junipersrx100Match-
ORjunipersrx110Match-
ORjunipersrx1400Match-
ORjunipersrx1500Match-
ORjunipersrx210Match-
ORjunipersrx220Match-
ORjunipersrx240Match-
ORjunipersrx300Match-
ORjunipersrx320Match-
ORjunipersrx340Match-
ORjunipersrx3400Match-
ORjunipersrx345Match-
ORjunipersrx3600Match-
ORjunipersrx4100Match-
ORjunipersrx4200Match-
ORjunipersrx4600Match-
ORjunipersrx5400Match-
ORjunipersrx550Match-
ORjunipersrx5600Match-
ORjunipersrx5800Match-
ORjunipersrx650Match-
juniperjunosMatch12.3x48d10
ORjuniperjunosMatch12.3x48d15
ORjuniperjunosMatch12.3x48d25
ORjuniperjunosMatch12.3x48d70
ORjuniperjunosMatch12.3x48d75
ORjuniperjunosMatch12.3x48d80
ORjuniperjunosMatch15.1x49d10
ORjuniperjunosMatch15.1x49d150
ORjuniperjunosMatch15.1x49d160
ORjuniperjunosMatch15.1x49d170
ORjuniperjunosMatch15.1x49d20
ORjuniperjunosMatch15.1x49d30
ORjuniperjunosMatch15.1x49d35
ORjuniperjunosMatch15.1x49d40
ORjuniperjunosMatch15.1x49d45
ORjuniperjunosMatch15.1x49d50
ORjuniperjunosMatch15.1x49d55
ORjuniperjunosMatch15.1x49d60
ORjuniperjunosMatch15.1x49d65
ORjuniperjunosMatch15.1x49d70
ORjuniperjunosMatch15.1x49d75
ORjuniperjunosMatch15.1x49d80
Node
juniperqfx5110Match-
ORjuniperqfx5200Match-
juniperjunosMatch15.1x53d20
ORjuniperjunosMatch15.1x53d21
ORjuniperjunosMatch15.1x53d210
ORjuniperjunosMatch15.1x53d230
ORjuniperjunosMatch15.1x53d231
ORjuniperjunosMatch15.1x53d232
ORjuniperjunosMatch15.1x53d233
ORjuniperjunosMatch15.1x53d234
ORjuniperjunosMatch15.1x53d235
ORjuniperjunosMatch15.1x53d236
ORjuniperjunosMatch15.1x53d237
ORjuniperjunosMatch15.1x53d25
ORjuniperjunosMatch15.1x53d30
ORjuniperjunosMatch15.1x53d31
ORjuniperjunosMatch15.1x53d32
ORjuniperjunosMatch15.1x53d33
ORjuniperjunosMatch15.1x53d34
ORjuniperjunosMatch15.1x53d40
ORjuniperjunosMatch15.1x53d45
ORjuniperjunosMatch15.1x53d56
ORjuniperjunosMatch15.1x53d60
ORjuniperjunosMatch15.1x53d61
ORjuniperjunosMatch15.1x53d62
ORjuniperjunosMatch15.1x53d63
ORjuniperjunosMatch15.1x53d65
CNA Affected
[
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "12.3R12-S13",
"status": "affected",
"version": "12.3",
"versionType": "custom"
},
{
"lessThan": "14.1X53-D51",
"status": "affected",
"version": "14.1X53",
"versionType": "custom"
},
{
"lessThan": "15.1F6-S13",
"status": "affected",
"version": "15.1F6",
"versionType": "custom"
},
{
"lessThan": "15.1R7-S5",
"status": "affected",
"version": "15.1",
"versionType": "custom"
},
{
"lessThan": "16.1R4-S13, 16.1R7-S5",
"status": "affected",
"version": "16.1",
"versionType": "custom"
},
{
"lessThan": "16.2R2-S10",
"status": "affected",
"version": "16.2",
"versionType": "custom"
},
{
"lessThan": "17.1R3-S1",
"status": "affected",
"version": "17.1",
"versionType": "custom"
},
{
"lessThan": "17.2R1-S9, 17.2R3-S2",
"status": "affected",
"version": "17.2",
"versionType": "custom"
},
{
"lessThan": "17.3R2-S5, 17.3R3-S5",
"status": "affected",
"version": "17.3",
"versionType": "custom"
},
{
"lessThan": "17.4R2-S9, 17.4R3",
"status": "affected",
"version": "17.4",
"versionType": "custom"
},
{
"lessThan": "18.1R3-S8",
"status": "affected",
"version": "18.1",
"versionType": "custom"
},
{
"lessThan": "18.2R3",
"status": "affected",
"version": "18.2",
"versionType": "custom"
},
{
"lessThan": "18.3R2-S3, 18.3R3",
"status": "affected",
"version": "18.3",
"versionType": "custom"
},
{
"lessThan": "18.4R2",
"status": "affected",
"version": "18.4",
"versionType": "custom"
},
{
"lessThan": "19.1R1-S4, 19.1R2",
"status": "affected",
"version": "19.1",
"versionType": "custom"
}
]
},
{
"platforms": [
"SRX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "12.3X48-D85",
"status": "affected",
"version": "12.3X48",
"versionType": "custom"
},
{
"lessThan": "15.1X49-D180",
"status": "affected",
"version": "15.1X49",
"versionType": "custom"
}
]
},
{
"platforms": [
"QFX5200/QFX5110 Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "15.1X53-D238",
"status": "affected",
"version": "15.1X53",
"versionType": "custom"
}
]
},
{
"platforms": [
"EX2300/EX3400 Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "15.1X53-D592",
"status": "affected",
"version": "15.1X53",
"versionType": "custom"
}
]
}
]References
Related
prion
prion
Path traversal
2020-01-15 09:15:00
jvn
jvn
JVN#07375820: Junos OS vulnerable to directory traversal
2020-01-10 00:00:00
nessus
nessus
Junos OS: Path traversal vulnerability in J-Web (JSA10985)
2020-01-17 00:00:00
cvelist
cvelist
CVE-2020-1606 Junos OS: Path traversal vulnerability in J-Web
2020-01-08 00:00:00
nvd
nvd
CVE-2020-1606
2020-01-15 09:15:12
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
7.8 High
AI Score
Confidence
High
6.5 Medium
CVSS2
Access Vector
Access Complexity
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
39.6%
Related for CVE-2020-1606