CVE-2020-1619Improper Input Validation in Networks Junos OS

CWE-20Improper Input ValidationCWE-2644 documents4 sources
Severity
6.7MEDIUMNVD
CNA6.0
EPSS
0.0%
top 88.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Juniper Networks Junos OSJuniper Junos
Timeline
PublishedApr 8
Latest updateMay 24

Description

A privilege escalation vulnerability in Juniper Networks QFX10K Series, EX9200 Series, MX Series, and PTX Series with Next-Generation Routing Engine (NG-RE), allows a local authenticated high privileged user to access the underlying WRL host. This issue only affects QFX10K Series with NG-RE, EX9200 Series with NG-RE, MX Series with NG-RE and PTX Series with NG-RE; which uses vmhost. This issue affects Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S6; 16.2 versions prior to 16.2R2-S11;

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5juniper_networks/junos_os16.116.1R7-S6+10
NVDjuniper/junos11 versions+10

🔴Vulnerability Details

2
GHSA
GHSA-4vqp-7964-fg2v: A privilege escalation vulnerability in Juniper Networks QFX10K Series, EX9200 Series, MX Series, and PTX Series with Next-Generation Routing Engine (2022-05-24
CVEList
Junos OS: QFX10K Series, EX9200 Series, MX Series, PTX Series: Privilege escalation vulnerability in NG-RE.2020-04-08

📋Vendor Advisories

1
Juniper
CVE-2020-1619: A privilege escalation vulnerability in Juniper Networks QFX10K Series, EX9200 Series, MX Series, and PTX Series with Next-Generation Routing Engine (2020-04-08
CVE-2020-1619 — Improper Input Validation | cvebase