CVE-2020-1666

Опубликовано: 16 окт. 2020

Источник: nvd

CVSS3: 6.6

CVSS2: 7.2

EPSS Низкий

Описание

The system console configuration option 'log-out-on-disconnect' In Juniper Networks Junos OS Evolved fails to log out an active CLI session when the console cable is disconnected. This could allow a malicious attacker with physical access to the console the ability to resume a previous interactive session and possibly gain administrative privileges. This issue affects all Juniper Networks Junos OS Evolved versions after 18.4R1-EVO, prior to 20.2R1-EVO.

Ссылки

https://kb.juniper.net/JSA11063
Vendor Advisory
https://kb.juniper.net/JSA11063
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:juniper:junos_os_evolved:19.2:r1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:19.2:r2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:19.3:r2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:19.4:r1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:19.4:r2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:19.4:r2-s1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:20.1:r1:*:*:*:*:*:*

EPSS

Процентиль: 13%

0.00042

Низкий

6.6 Medium

CVSS3

7.2 High

CVSS2

Дефекты

CWE-284

CWE-613

Связанные уязвимости

GHSA-62gf-43c6-cfmp

github

больше 3 лет назад