CVE-2023-28960: Incorrect Permission Assignment in Juniper Networks Junos OS Evolved

Severity: 8.2 HIGH (NVD)
EPSS: 0.1% (top 84.35%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 17 | Latest update Apr 18

Description

An Incorrect Permission Assignment for Critical Resource vulnerability in Juniper Networks Junos OS Evolved allows a local, authenticated low-privileged attacker to copy potentially malicious files into an existing Docker container on the local system. A follow-on administrator could then inadvertently start the Docker container leading to the malicious files being executed as root. This issue only affects systems with Docker configured and enabled, which is not enabled by default. Systems witho

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Exploitability: 1.5 | Impact: 6.0

Affected Packages (2 packages)

CVEListV5 | juniper_networks/junos_os_evolved | 20.4 | 20.4R3-S5-EVO | +3
NVD | juniper/junos_os_evolved | 4 versions | +3

🔴 Vulnerability Details (2)

GHSA | GHSA-8xqp-9h4v-j8vf: An Incorrect Permission Assignment for Critical Resource vulnerability in Juniper Networks Junos OS Evolved allows a local, authenticated low-privileg | 2023-04-18
CVEList | Junos OS Evolved: Docker repository is world-writeable, allowing low-privileged local user to inject files into Docker containers | 2023-04-17

📋 Vendor Advisories (1)

Juniper | CVE-2023-28960: An Incorrect Permission Assignment for Critical Resource vulnerability in Juniper Networks Junos OS Evolved allows a local, authenticated low-privileg | 2023-04-17
CVE-2023-28960 — Incorrect Permission Assignment | cvebase