CVE-2020-1624 — Log File Information Exposure in Networks Junos OS Evolved

CWE-532 — Log File Information Exposure4 documents4 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 69.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Evolved Juniper Junos OS Evolved

Timeline

PublishedApr 8

Latest updateMay 24

Description

A local, authenticated user with shell can obtain the hashed values of login passwords and shared secrets via raw objmon configuration files. This issue affects all versions of Junos OS Evolved prior to 19.1R1.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDjuniper/junos_os_evolved< 19.1r1

▶CVEListV5juniper_networks/junos_os_evolvedunspecified — 19.1R1-EVO

🔴Vulnerability Details

GHSA

GHSA-hf43-vx6m-vr9g: A local, authenticated user with shell can obtain the hashed values of login passwords and shared secrets via raw objmon configuration files↗2022-05-24

▶

CVEList

Junos OS Evolved: objmon logs may leak sensitive information↗2020-04-08

▶

📋Vendor Advisories

Juniper

CVE-2020-1624: A local, authenticated user with shell can obtain the hashed values of login passwords and shared secrets via raw objmon configuration files. This iss↗2020-04-08

▶