CVE-2020-1606Path Traversal in Networks Junos OS

CWE-22Path Traversal4 documents4 sources
Severity
8.1HIGHNVD
CNA5.4
EPSS
0.3%
top 45.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Juniper Networks Junos OSJuniper Junos
Timeline
PublishedJan 15
Latest updateMay 24

Description

A path traversal vulnerability in the Juniper Networks Junos OS device may allow an authenticated J-web user to read files with 'world' readable permission and delete files with 'world' writeable permission. This issue does not affect system files that can be accessed only by root user. This issue affects Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S13; 12.3X48 versions prior to 12.3X48-D85 on SRX Series; 14.1X53 versions prior to 14.1X53-D51; 15.1F6 versions prior to 15.1F6-S13; 1

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

Affected Packages2 packages

CVEListV5juniper_networks/junos_os12.312.3R12-S13+18
NVDjuniper/junos16 versions+15

🔴Vulnerability Details

2
GHSA
GHSA-cvvm-qm6p-fg85: A path traversal vulnerability in the Juniper Networks Junos OS device may allow an authenticated J-web user to read files with 'world' readable permi2022-05-24
CVEList
Junos OS: Path traversal vulnerability in J-Web2020-01-15

📋Vendor Advisories

1
Juniper
CVE-2020-1606: A path traversal vulnerability in the Juniper Networks Junos OS device may allow an authenticated J-web user to read files with 'world' readable permi2020-01-15
CVE-2020-1606 — Path Traversal in Networks Junos OS | cvebase