CVE-2023-28978: Initialization of a Resource with an Insecure Default in Juniper Networks Junos OS Evolved

Severity: 5.3 MEDIUM (NVD)
EPSS: 0.4% (top 38.63%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Apr 17
Latest update: Apr 18

Description

An Insecure Default Initialization of Resource vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network based attacker to read certain confidential information. In the default configuration it is possible to read confidential information about locally configured (administrative) users of the affected system. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S7-EVO on pending commit???; 21.1-EVO versions prior to 21.1R3-S4-EVO on await

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 | Impact: 1.4

Affected Packages (2 packages)

CVEListV5 | juniper_networks/junos_os_evolved | 21.3R1-EVO | 21.3-EVO* | +3

🔴 Vulnerability Details (2)

GHSA: GHSA-gj3f-49gc-9p6w: An Insecure Default Initialization of Resource vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network based attacker to (2023-04-18)
CVEList: Junos OS Evolved: Read access to some confidential user information is possible (2023-04-17)

📋 Vendor Advisories (1)

Juniper: CVE-2023-28978: An Insecure Default Initialization of Resource vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network based attacker to (2023-04-17)