CVE-2020-1620 — Improper Control of a Resource Through its Lifetime in Networks Junos OS Evolved

CWE-664 — Improper Control of a Resource Through its Lifetime CWE-532 — Log File Information Exposure4 documents4 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 67.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Evolved Juniper Junos OS Evolved

Timeline

PublishedApr 8

Latest updateMay 24

Description

A local, authenticated user with shell can obtain the hashed values of login passwords via configd streamer log. This issue affects all versions of Junos OS Evolved prior to 19.3R1.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDjuniper/junos_os_evolved< 19.3r1

▶CVEListV5juniper_networks/junos_os_evolvedunspecified — 19.3R1-EVO

🔴Vulnerability Details

GHSA

GHSA-36rr-mv68-7vvr: A local, authenticated user with shell can obtain the hashed values of login passwords via configd streamer log↗2022-05-24

▶

CVEList

Junos OS Evolved: Configd leaks hashes via log file and is world readable↗2020-04-08

▶

📋Vendor Advisories

Juniper

CVE-2020-1620: A local, authenticated user with shell can obtain the hashed values of login passwords via configd streamer log. This issue affects all versions of Ju↗2020-04-08

▶