Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2020-1669

Опубликовано: 16 окт. 2020
Источник: nvd
CVSS3: 6.3
CVSS2: 2.1
EPSS Низкий

Описание

The Juniper Device Manager (JDM) container, used by the disaggregated Junos OS architecture on Juniper Networks NFX350 Series devices, stores password hashes in the world-readable file /etc/passwd. This is not a security best current practice as it can allow an attacker with access to the local filesystem the ability to brute-force decrypt password hashes stored on the system. This issue affects Juniper Networks Junos OS on NFX350: 19.4 versions prior to 19.4R3; 20.1 versions prior to 20.1R1-S4, 20.1R2.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:juniper:junos:19.4:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:19.4:r1-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:19.4:r1-s2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:19.4:r2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:20.1:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:20.1:r1-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:20.1:r1-s2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:20.1:r1-s3:*:*:*:*:*:*
cpe:2.3:h:juniper:nfx350:-:*:*:*:*:*:*:*

EPSS

Процентиль: 16%
0.00051
Низкий

6.3 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-256
CWE-522

Связанные уязвимости

github логотип

GHSA-9pj7-q8h3-hrhp

github
больше 3 лет назад

The Juniper Device Manager (JDM) container, used by the disaggregated Junos OS architecture on Juniper Networks NFX350 Series devices, stores password hashes in the world-readable file /etc/passwd. This is not a security best current practice as it can allow an attacker with access to the local filesystem the ability to brute-force decrypt password hashes stored on the system. This issue affects Juniper Networks Junos OS on NFX350: 19.4 versions prior to 19.4R3; 20.1 versions prior to 20.1R1-S4, 20.1R2.

EPSS

Процентиль: 16%
0.00051
Низкий

6.3 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-256
CWE-522