CVE-2023-28960

🗓️ 17 Apr 2023 00:00:00Reported by juniperType

cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 46 Views

An Incorrect Permission Assignment for Critical Resource vulnerability in Juniper Networks Junos OS Evolved allows a local, authenticated low-privileged attacker to copy potentially malicious files into an existing Docker container on the local system. A follow-on administrator could then inadvertently start the Docker container leading to the malicious files being executed as root. This issue only affects systems with Docker configured and enabled, which is not enabled by default. Systems without Docker started are not vulnerable to this issue. This issue affects Juniper Networks Junos OS Evolved: 20.4 versions prior to 20.4R3-S5-EVO; 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R3-EVO; 21.4 versions prior to 21.4R2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions prior to 19.2R1-EVO

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2023-28960	18 Apr 202302:28	–	circl
CNNVD	Juniper Networks Junos OS Evolved 安全漏洞	17 Apr 202300:00	–	cnnvd
Cvelist	CVE-2023-28960 Junos OS Evolved: Docker repository is world-writeable, allowing low-privileged local user to inject files into Docker containers	17 Apr 202300:00	–	cvelist
EUVD	EUVD-2023-32578	3 Oct 202520:07	–	euvd
Tenable Nessus	Juniper Junos OS Vulnerability (JSA70585)	13 Apr 202300:00	–	nessus
NCSC	Vulnerabilities fixed in Juniper JunOS	13 Apr 202300:00	–	ncsc
NVD	CVE-2023-28960	17 Apr 202322:15	–	nvd
Prion	Code injection	17 Apr 202322:15	–	prion
Vulnrichment	CVE-2023-28960 Junos OS Evolved: Docker repository is world-writeable, allowing low-privileged local user to inject files into Docker containers	17 Apr 202300:00	–	vulnrichment

NVD

Vulners

Node

juniper junos_os_evolvedMatch20.4-

juniper junos_os_evolvedMatch20.4r1

juniper junos_os_evolvedMatch20.4r1-s1

juniper junos_os_evolvedMatch20.4r1-s2

juniper junos_os_evolvedMatch20.4r2

juniper junos_os_evolvedMatch20.4r2-s1

juniper junos_os_evolvedMatch20.4r2-s2

juniper junos_os_evolvedMatch20.4r2-s3

juniper junos_os_evolvedMatch20.4r3

juniper junos_os_evolvedMatch20.4r3-s1

juniper junos_os_evolvedMatch20.4r3-s2

juniper junos_os_evolvedMatch20.4r3-s3

juniper junos_os_evolvedMatch20.4r3-s4

juniper junos_os_evolvedMatch21.2-

juniper junos_os_evolvedMatch21.2r1

juniper junos_os_evolvedMatch21.2r1-s1

juniper junos_os_evolvedMatch21.2r1-s2

juniper junos_os_evolvedMatch21.2r2

juniper junos_os_evolvedMatch21.2r2-s1

juniper junos_os_evolvedMatch21.2r2-s2

juniper junos_os_evolvedMatch21.3-

juniper junos_os_evolvedMatch21.3r1

juniper junos_os_evolvedMatch21.3r1-s1

juniper junos_os_evolvedMatch21.3r2

juniper junos_os_evolvedMatch21.3r2-s1

juniper junos_os_evolvedMatch21.3r2-s2

juniper junos_os_evolvedMatch21.4-

juniper junos_os_evolvedMatch21.4r1

juniper junos_os_evolvedMatch21.4r1-s1

juniper junos_os_evolvedMatch21.4r1-s2

[
  {
    "vendor": "Juniper Networks",
    "product": "Junos OS Evolved",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "19.2R1-EVO",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "20.4",
        "status": "affected",
        "lessThan": "20.4R3-S5-EVO",
        "versionType": "custom"
      },
      {
        "version": "21.2",
        "status": "affected",
        "lessThan": "21.2R3-EVO",
        "versionType": "custom"
      },
      {
        "version": "21.3",
        "status": "affected",
        "lessThan": "21.3R3-EVO",
        "versionType": "custom"
      },
      {
        "version": "21.4",
        "status": "affected",
        "lessThan": "21.4R2-EVO",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
supportportal	www.supportportal.juniper.net/JSA70585

21 Nov 2024 07:56Current

8High risk

Vulners AI Score8

CVSS 3.18.2

EPSS0.00109

SSVC

CWE-732