CVE-2020-1620 - OpenCVE

A local, authenticated user with shell can obtain the hashed values of login passwords via configd streamer log. This issue affects all versions of Junos OS Evolved prior to 19.3R1.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Juniper	Junos Os Evolved

Configuration 1 [-]

cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*

References

Link	Resource
https://kb.juniper.net/JSA11003	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: juniper

Published: 2020-04-08T00:00:00

Updated: 2020-04-09T23:09:15

Reserved: 2019-11-04T00:00:00

Link: CVE-2020-1620

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-04-08T20:15:13.573

Modified: 2020-04-10T18:09:14.250

Link: CVE-2020-1620

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "Junos OS Evolved", "vendor": "Juniper Networks", "versions": [{"lessThan": "19.3R1-EVO", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2020-04-08T00:00:00", "descriptions": [{"lang": "en", "value": "A local, authenticated user with shell can obtain the hashed values of login passwords via configd streamer log. This issue affects all versions of Junos OS Evolved prior to 19.3R1."}], "exploits": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-664", "description": "CWE-664 Improper Control of a Resource Through its Lifetime", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-04-09T23:09:15", "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://kb.juniper.net/JSA11003"}], "solutions": [{"lang": "en", "value": "The following software releases have been updated to resolve this specific issue: 19.3R1-EVO and all subsequent releases.\n"}], "source": {"advisory": "JSA11003", "defect": ["1406189"], "discovery": "INTERNAL"}, "title": "Junos OS Evolved: Configd leaks hashes via log file and is world readable", "workarounds": [{"lang": "en", "value": "There are no viable workarounds for this issue."}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "sirt@juniper.net", "DATE_PUBLIC": "2020-04-08T16:00:00.000Z", "ID": "CVE-2020-1620", "STATE": "PUBLIC", "TITLE": "Junos OS Evolved: Configd leaks hashes via log file and is world readable"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Junos OS Evolved", "version": {"version_data": [{"version_affected": "<", "version_value": "19.3R1-EVO"}]}}]}, "vendor_name": "Juniper Networks"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A local, authenticated user with shell can obtain the hashed values of login passwords via configd streamer log. This issue affects all versions of Junos OS Evolved prior to 19.3R1."}]}, "exploit": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-664 Improper Control of a Resource Through its Lifetime"}]}]}, "references": {"reference_data": [{"name": "https://kb.juniper.net/JSA11003", "refsource": "CONFIRM", "url": "https://kb.juniper.net/JSA11003"}]}, "solution": [{"lang": "en", "value": "The following software releases have been updated to resolve this specific issue: 19.3R1-EVO and all subsequent releases.\n"}], "source": {"advisory": "JSA11003", "defect": ["1406189"], "discovery": "INTERNAL"}, "work_around": [{"lang": "en", "value": "There are no viable workarounds for this issue."}]}}}, "cveMetadata": {"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "cveId": "CVE-2020-1620", "datePublished": "2020-04-08T00:00:00", "dateReserved": "2019-11-04T00:00:00", "dateUpdated": "2020-04-09T23:09:15", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*", "matchCriteriaId": "A69E00AE-DDF5-4A1B-8F35-15C58FB88743", "versionEndExcluding": "19.3r1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A local, authenticated user with shell can obtain the hashed values of login passwords via configd streamer log. This issue affects all versions of Junos OS Evolved prior to 19.3R1."}, {"lang": "es", "value": "Un usuario autenticado local con shell puede obtener los valores de las contrase\u00f1as de inicio de sesi\u00f3n del hash por medio del registro configd streamer. Este problema afecta a todas las versiones de Junos OS Evolved anteriores a 19.3R1."}], "id": "CVE-2020-1620", "lastModified": "2020-04-10T18:09:14.250", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "sirt@juniper.net", "type": "Secondary"}]}, "published": "2020-04-08T20:15:13.573", "references": [{"source": "sirt@juniper.net", "tags": ["Vendor Advisory"], "url": "https://kb.juniper.net/JSA11003"}], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-664"}], "source": "sirt@juniper.net", "type": "Secondary"}]}