CVE-2023-44194
published 2023-10-13CVE-2023-44194: An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS allows an unauthenticated attacker with local access to the device to create a…
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS allows an unauthenticated attacker with local access to the device to create a backdoor with root privileges. The issue is caused by improper directory permissions on a certain system directory, allowing an attacker with access to this directory to create a backdoor with root privileges.
This issue affects Juniper Networks Junos OS:
* All versions prior to 20.4R3-S5;
* 21.1 versions prior to 21.1R3-S4;
* 21.2 versions prior to 21.2R3-S4;
* 21.3 versions prior to 21.3R3-S3;
* 21.4 versions prior to 21.4R3-S1.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| juniper | junos | < 20.4 | 20.4 |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos_os | — | — |
| juniper_networks | junos_os | < 20.4R3-S5 | 20.4R3-S5 |
| juniper_networks | junos_os | >= 21.1 < 21.1R3-S4 | 21.1R3-S4 |
| juniper_networks | junos_os | >= 21.2 < 21.2R3-S4 | 21.2R3-S4 |
| juniper_networks | junos_os | >= 21.3 < 21.3R3-S3 | 21.3R3-S3 |
| juniper_networks | junos_os | >= 21.4 < 21.4R3-S1 | 21.4R3-S1 |