ID

VAR-202001-0996


CVE

CVE-2020-1606


TITLE

Junos OS vulnerable to directory traversal

Trust: 0.8

sources: JVNDB: JVNDB-2020-000002

DESCRIPTION

A path traversal vulnerability in the J-Web interface of Juniper Networks Junos OS may allow an authenticated J-Web user to read files with 'world' readable permission and delete files with 'world' writeable permission. The issue does not affect system files that can be accessed only by the root user. It affects Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S13; 12.3X48 versions prior to 12.3X48-D85 on SRX Series; 14.1X53 versions prior to 14.1X53-D51; 15.1F6 versions prior to 15.1F6-S13; 15.1 versions prior to 15.1R7-S5; 15.1X49 versions prior to 15.1X49-D180 on SRX Series; 15.1X53 versions prior to 15.1X53-D238 on QFX5200/QFX5110 Series; 16.1 versions prior to 16.1R4-S13, 16.1R7-S5; 16.2 versions prior to 16.2R2-S10; 17.1 versions prior to 17.1R3-S1; 17.2 versions prior to 17.2R1-S9, 17.2R3-S2; 17.3 versions prior to 17.3R2-S5, 17.3R3-S5; 17.4 versions prior to 17.4R2-S9, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R2-S3, 18.3R3; 18.4 versions prior to 18.4R2; 19.1 versions prior to 19.1R1-S4, 19.1R2. Junos OS therefore contains a directory traversal vulnerability (CWE-22). Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA, and JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership. Files on the server may be viewed or deleted by an authenticated J-Web user. Juniper Networks Junos OS is the network operating system that Juniper Networks ships on its own hardware; it provides a secure programming interface and the Junos SDK. The vulnerability stems from J-Web failing to properly filter special elements (such as '..' segments) in user-supplied file paths, so a request can reach locations outside the directory the interface was meant to serve; what an attacker can actually read or delete is then bounded only by the 'world' permission bits on each file.
The following releases are affected: Juniper Networks Junos OS Release 12.3, 12.3X48, 14.1X53, 15.1, 15.1F6, 15.1X49, 15.1X53, 16.1, 16.2, 17.1, 17.2, 17.3, 17.4, 18.1, 18.2, 18.3, 18.4 and 19.1 (the fixed releases are listed above).
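
The following is an added example for this entry, not J-Web code or anything from Juniper: a minimal file-fetch path resolver with the CWE-22 defect the description outlines, beside a hardened version, plus the permission check that explains why the advisory bounds the impact to 'world' readable and 'world' writeable files. The directory layout, file names and modes are constructed for the demo; resolve_unsafe, resolve_safe and other_perms are hypothetical names.

```python
"""Added example (not Juniper/J-Web code): path traversal in a file handler,
the hardened resolver, and the 'other' permission bits that bound the damage.
Directory layout, file names and modes are constructed for the demo (POSIX)."""
import os
import shutil
import stat
import tempfile
from pathlib import Path


def resolve_unsafe(base: str, user_path: str) -> str:
    # VULNERABLE: os.path.join never rejects '..' segments, so '../etc/hosts'
    # walks out of base, and an absolute user_path discards base entirely.
    return os.path.normpath(os.path.join(base, user_path))


def resolve_safe(base: str, user_path: str) -> str:
    # HARDENED: canonicalise both sides (symlinks and '..' collapsed), then
    # require the target to lie under base. Path.relative_to raises ValueError
    # for anything outside, which covers '..' escapes, absolute paths and
    # symlinks that point out of the web root.
    base_real = Path(base).resolve()
    target = (base_real / user_path).resolve()
    target.relative_to(base_real)
    return str(target)


def other_perms(path: str) -> tuple[bool, bool]:
    # (world-readable, world-writable) from the mode bits: the advisory's
    # 'world' readable / 'world' writeable boundary. Checked via the bits rather
    # than a second OS account so the demo runs as any user.
    mode = os.stat(path).st_mode
    return bool(mode & stat.S_IROTH), bool(mode & stat.S_IWOTH)


def demo() -> dict:
    root = Path(tempfile.mkdtemp())
    base = root / "www"                    # the directory the handler should serve
    base.mkdir()
    (base / "index.html").write_text("<html>ok</html>")
    etc = root / "etc"                     # stand-in for files outside the web root
    etc.mkdir()
    (etc / "hosts").write_text("127.0.0.1 localhost\n")
    (etc / "hosts").chmod(0o644)           # world-readable: exposed by traversal
    (etc / "shadow").write_text("root:*:0:0\n")
    (etc / "shadow").chmod(0o600)          # owner-only: outside the advisory's scope
    (etc / "scratch").write_text("")
    (etc / "scratch").chmod(0o666)         # world-writable: deletable via traversal

    out = {}
    out["unsafe_escapes"] = resolve_unsafe(str(base), "../etc/hosts") == str(etc / "hosts")
    out["unsafe_absolute"] = resolve_unsafe(str(base), "/etc/passwd") == "/etc/passwd"
    try:
        resolve_safe(str(base), "../etc/hosts")
        out["safe_blocks"] = False
    except ValueError:
        out["safe_blocks"] = True
    out["safe_allows_inside"] = (
        resolve_safe(str(base), "index.html") == str((base / "index.html").resolve())
    )
    out["hosts"] = other_perms(resolve_unsafe(str(base), "../etc/hosts"))
    out["shadow"] = other_perms(resolve_unsafe(str(base), "../etc/shadow"))
    out["scratch"] = other_perms(resolve_unsafe(str(base), "../etc/scratch"))
    shutil.rmtree(root)
    return out


if __name__ == "__main__":
    print(demo())
```

The check in resolve_safe is done after resolve() on purpose: a string-level test such as `startswith(base)` passes `/www2/x` for base `/www` and misses symlinks, whereas comparing canonical paths with relative_to does not. The other_perms helper is the triage step a practitioner wants after any traversal finding on an appliance: list what the service account can actually reach, since that, not the traversal itself, decides the severity.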

Trust: 1.71

sources: NVD: CVE-2020-1606 // JVNDB: JVNDB-2020-000002 // VULHUB: VHN-169100

AFFECTED PRODUCTS

vendor:junipermodel:junosscope:eqversion:15.1x53

Trust: 1.6

vendor:junipermodel:junosscope:eqversion:15.1x49

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:17.2

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:16.2

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:18.2

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:17.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:18.3

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:15.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:12.3

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:18.4

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:12.3x48

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:14.1x53

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:19.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:17.4

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:18.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:16.1

Trust: 1.0

vendor:junipermodel:junos osscope:eqversion:12.3 prior to 12.3r12-s13

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:12.3x48 prior to 12.3x48-d85 on srx series

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:14.1x53 prior to 14.1x53-d51

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:15.1 prior to 15.1r7-s5

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:15.1f6 prior to 15.1f6-s13

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:15.1x49 prior to 15.1x49-d180 on srx series

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:15.1x53 prior to 15.1x53-d238 on qfx5200/qfx5110 series

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:16.1 prior to 16.1r4-s13, 16.1r7-s5

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:16.2 prior to 16.2r2-s10

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:17.1 prior to 17.1r3-s1

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:17.2 prior to 17.2r1-s9, 17.2r3-s2

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:17.3 prior to 17.3r2-s5, 17.3r3-s5

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:17.4 prior to 17.4r2-s9, 17.4r3

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:18.1 prior to 18.1r3-s8

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:18.2 prior to 18.2r3

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:18.3 prior to 18.3r2-s3, 18.3r3

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:18.4 prior to 18.4r2

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:19.1 prior to 19.1r1-s4, 19.1r2

Trust: 0.8

vendor:junipermodel:qfx5200scope:eqversion: -

Trust: 0.6

vendor:junipermodel:qfx5110scope:eqversion: -

Trust: 0.6

sources: JVNDB: JVNDB-2020-000002 // CNNVD: CNNVD-202001-303 // NVD: CVE-2020-1606

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-1606
value: HIGH

Trust: 1.0

sirt@juniper.net: CVE-2020-1606
value: MEDIUM

Trust: 1.0

IPA: JVNDB-2020-000002
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202001-303
value: MEDIUM

Trust: 0.6

VULHUB: VHN-169100
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-1606
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2020-000002
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-169100
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-1606
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 5.2
version: 3.1

Trust: 1.0

sirt@juniper.net: CVE-2020-1606
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.5
version: 3.1

Trust: 1.0

IPA: JVNDB-2020-000002
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-169100 // JVNDB: JVNDB-2020-000002 // CNNVD: CNNVD-202001-303 // NVD: CVE-2020-1606

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.9

sources: VULHUB: VHN-169100 // JVNDB: JVNDB-2020-000002 // NVD: CVE-2020-1606

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202001-303

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-000002

PATCH

title:2020-01 Security Bulletin: Junos OS: Path traversal vulnerability in J-Web (CVE-2020-1606)url:https://kb.juniper.net/JSA10985

Trust: 0.8

title:Juniper Networks Junos OS fix for the path traversal vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=108390

Trust: 0.6

sources: JVNDB: JVNDB-2020-000002 // CNNVD: CNNVD-202001-303

EXTERNAL IDS

db:NVDid:CVE-2020-1606

Trust: 2.5

db:JUNIPERid:JSA10985

Trust: 1.7

db:JVNid:JVN07375820

Trust: 1.4

db:JVNDBid:JVNDB-2020-000002

Trust: 1.4

db:CNNVDid:CNNVD-202001-303

Trust: 0.7

db:AUSCERTid:ESB-2020.0082

Trust: 0.6

db:JUNIPERid:JSA10979

Trust: 0.6

db:JUNIPERid:JSA10986

Trust: 0.6

db:JUNIPERid:JSA10980

Trust: 0.6

db:JUNIPERid:JSA10982

Trust: 0.6

db:CNVDid:CNVD-2020-03711

Trust: 0.1

db:VULHUBid:VHN-169100

Trust: 0.1

sources: VULHUB: VHN-169100 // JVNDB: JVNDB-2020-000002 // CNNVD: CNNVD-202001-303 // NVD: CVE-2020-1606

REFERENCES

url:https://kb.juniper.net/jsa10985

Trust: 1.7

url:https://jvn.jp/en/jp/jvn07375820/index.html

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1606

Trust: 0.8

url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10986

Trust: 0.6

url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10985

Trust: 0.6

url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10982

Trust: 0.6

url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10980

Trust: 0.6

url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10979

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-1606

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0082/

Trust: 0.6

url:https://vigilance.fr/vulnerability/junos-os-directory-traversal-via-j-web-31279

Trust: 0.6

url:https://jvndb.jvn.jp/en/contents/2020/jvndb-2020-000002.html

Trust: 0.6

sources: VULHUB: VHN-169100 // JVNDB: JVNDB-2020-000002 // CNNVD: CNNVD-202001-303 // NVD: CVE-2020-1606

SOURCES

db:VULHUBid:VHN-169100
db:JVNDBid:JVNDB-2020-000002
db:CNNVDid:CNNVD-202001-303
db:NVDid:CVE-2020-1606

LAST UPDATE DATE

2024-11-23T22:05:50.629000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-169100date:2021-02-05T00:00:00
db:JVNDBid:JVNDB-2020-000002date:2020-01-10T00:00:00
db:CNNVDid:CNNVD-202001-303date:2020-01-17T00:00:00
db:NVDid:CVE-2020-1606date:2024-11-21T05:10:57.077

SOURCES RELEASE DATE

db:VULHUBid:VHN-169100date:2020-01-15T00:00:00
db:JVNDBid:JVNDB-2020-000002date:2020-01-10T00:00:00
db:CNNVDid:CNNVD-202001-303date:2020-01-09T00:00:00
db:NVDid:CVE-2020-1606date:2020-01-15T09:15:12.453