CVE-2020-1630 — Time-of-check Time-of-use (TOCTOU) Race Condition in Networks Junos OS

CWE-264 CWE-367 — Time-of-check Time-of-use (TOCTOU) Race Condition4 documents4 sources

Severity

5.5MEDIUMNVD

CNA5.0

EPSS

0.0%

top 91.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Junos

Timeline

PublishedApr 8

Latest updateMay 24

Description

A privilege escalation vulnerability in Juniper Networks Junos OS devices configured with dual Routing Engines (RE), Virtual Chassis (VC) or high-availability cluster may allow a local authenticated low-privileged user with access to the shell to perform unauthorized configuration modification. This issue does not affect Junos OS device with single RE or stand-alone configuration. This issue affects Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S14; 12.3X48 versions prior to 12.3X48-D…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5juniper_networks/junos_os12.3 — 12.3R12-S14+17

▶NVDjuniper/junos19 versions+18

🔴Vulnerability Details

GHSA

GHSA-2xmj-7fxc-h97c: A privilege escalation vulnerability in Juniper Networks Junos OS devices configured with dual Routing Engines (RE), Virtual Chassis (VC) or high-avai↗2022-05-24

▶

CVEList

Junos OS: Privilege escalation vulnerability in dual REs, VC or HA cluster may allow unauthorized configuration change.↗2020-04-08

▶

📋Vendor Advisories

Juniper

CVE-2020-1630: A privilege escalation vulnerability in Juniper Networks Junos OS devices configured with dual Routing Engines (RE), Virtual Chassis (VC) or high-avai↗2020-04-08

▶