CVE-2023-44187Sensitive Information Exposure in Networks Junos OS Evolved

CWE-200Sensitive Information Exposure4 documents4 sources
Severity
5.5MEDIUMNVD
CNA5.9
EPSS
0.0%
top 88.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Juniper Networks Junos OS EvolvedJuniper Junos OS Evolved
Timeline
PublishedOct 11

Description

An Exposure of Sensitive Information vulnerability in the 'file copy' command of Junos OS Evolved allows a local, authenticated attacker with shell access to view passwords supplied on the CLI command-line. These credentials can then be used to provide unauthorized access to the remote system. This issue affects Juniper Networks Junos OS Evolved: * All versions prior to 20.4R3-S7-EVO; * 21.1 versions 21.1R1-EVO and later; * 21.2 versions prior to 21.2R3-S5-EVO; * 21.3 versions prior to 21.3R3-S

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5juniper_networks/junos_os_evolved21.1R121.1*+6

🔴Vulnerability Details

2
GHSA
GHSA-8h3p-5f62-5ppm: An Exposure of Sensitive Information vulnerability in the 'file copy' command of Junos OS Evolved allows a local, authenticated attacker with shell ac2023-10-11
CVEList
Junos OS Evolved: 'file copy' CLI command can disclose password to shell users2023-10-11

📋Vendor Advisories

1
Juniper
CVE-2023-44187: An Exposure of Sensitive Information vulnerability in the 'file copy' command of Junos OS Evolved allows a local, authenticated attacker with shell ac2023-10-11
CVE-2023-44187 — Sensitive Information Exposure | cvebase