vulnrichment | Juniper | VULNRICHMENT:CVE-2023-44187
History: Oct 11, 2023 - 8:37 p.m.

CVE-2023-44187 Junos OS Evolved: 'file copy' CLI command can disclose password to shell users

2023-10-11 20:37:23
CWE-200
juniper
github.com
junos os evolved
file copy command
sensitive information vulnerability
local attacker
unauthorized access
cli command-line
juniper networks
versions.

CVSS3: 5.9

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • User Interaction: REQUIRED
  • Scope: CHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: NONE
  • Availability Impact: NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

AI Score: 6.8 (Confidence: Low)

SSVC

  • Exploitation: none
  • Automatable: no
  • Technical Impact: partial

An Exposure of Sensitive Information vulnerability in the ‘file copy’ command of Junos OS Evolved allows a local, authenticated attacker with shell access to view passwords supplied on the CLI command-line. These credentials can then be used to provide unauthorized access to the remote system.

This issue affects Juniper Networks Junos OS Evolved:

  • All versions prior to 20.4R3-S7-EVO;
  • 21.1 versions 21.1R1-EVO and later;
  • 21.2 versions prior to 21.2R3-S5-EVO;
  • 21.3 versions prior to 21.3R3-S4-EVO;
  • 21.4 versions prior to 21.4R3-S4-EVO;
  • 22.1 versions prior to 22.1R3-S2-EVO;
  • 22.2 versions prior to 22.2R2-EVO.
