Details of VAR-202004-0946

ID

VAR-202004-0946

CVE

CVE-2020-1620

TITLE

Junos OS Evolved Vulnerability regarding information leakage from log files in

Trust: 0.8

sources: JVNDB: JVNDB-2020-003822

DESCRIPTION

A local, authenticated user with shell can obtain the hashed values of login passwords via configd streamer log. This issue affects all versions of Junos OS Evolved prior to 19.3R1. Junos OS Evolved Exists in a vulnerability related to information leakage from log files.Information may be obtained. Juniper Networks Junos OS is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware equipment. The operating system provides a secure programming interface and Junos SDK. This vulnerability originates from the abnormal output of log files of network systems or products

Trust: 1.71

sources: NVD: CVE-2020-1620 // JVNDB: JVNDB-2020-003822 // VULHUB: VHN-169254

AFFECTED PRODUCTS

vendor:	juniper	model:	junos os evolved	scope:	lt	version:	19.3r1	Trust: 1.0
vendor:	juniper	model:	junos os evolved	scope:	eq	version:	19.3r1	Trust: 0.8

sources: JVNDB: JVNDB-2020-003822 // NVD: CVE-2020-1620

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-1620
value:	MEDIUM
Trust: 1.0
sirt@juniper.net:	CVE-2020-1620
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2020-003822
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202004-515
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-169254
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2020-1620
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-003822
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-169254
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-1620
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 2.0
NVD:	JVNDB-2020-003822
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-169254 // JVNDB: JVNDB-2020-003822 // CNNVD: CNNVD-202004-515 // NVD: CVE-2020-1620 // NVD: CVE-2020-1620

PROBLEMTYPE DATA

problemtype:	CWE-532	Trust: 1.9
problemtype:	CWE-664	Trust: 1.0

sources: VULHUB: VHN-169254 // JVNDB: JVNDB-2020-003822 // NVD: CVE-2020-1620

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202004-515

TYPE

log information leak

Trust: 0.6

sources: CNNVD: CNNVD-202004-515

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-003822

PATCH

title:	JSA11003	url:	https://kb.juniper.net/JSA11003	Trust: 0.8
title:	Juniper Networks Junos OS Evolved Repair measures for log information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=115717	Trust: 0.6

sources: JVNDB: JVNDB-2020-003822 // CNNVD: CNNVD-202004-515

EXTERNAL IDS

db:	NVD	id:	CVE-2020-1620	Trust: 2.5
db:	JUNIPER	id:	JSA11003	Trust: 1.7
db:	JVNDB	id:	JVNDB-2020-003822	Trust: 0.8
db:	CNNVD	id:	CNNVD-202004-515	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.1271	Trust: 0.6
db:	CNVD	id:	CNVD-2020-23009	Trust: 0.1
db:	VULHUB	id:	VHN-169254	Trust: 0.1

sources: VULHUB: VHN-169254 // JVNDB: JVNDB-2020-003822 // CNNVD: CNNVD-202004-515 // NVD: CVE-2020-1620

REFERENCES

url:	https://kb.juniper.net/jsa11003	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1620	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1620	Trust: 0.8
url:	https://kb.juniper.net/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/junos-os-evolved-information-disclosure-via-log-files-31968	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1271/	Trust: 0.6

sources: VULHUB: VHN-169254 // JVNDB: JVNDB-2020-003822 // CNNVD: CNNVD-202004-515 // NVD: CVE-2020-1620

SOURCES

db:	VULHUB	id:	VHN-169254
db:	JVNDB	id:	JVNDB-2020-003822
db:	CNNVD	id:	CNNVD-202004-515
db:	NVD	id:	CVE-2020-1620

LAST UPDATE DATE

2024-08-14T12:12:52.063000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-169254	date:	2020-04-10T00:00:00
db:	JVNDB	id:	JVNDB-2020-003822	date:	2020-04-24T00:00:00
db:	CNNVD	id:	CNNVD-202004-515	date:	2020-04-13T00:00:00
db:	NVD	id:	CVE-2020-1620	date:	2020-04-10T18:09:14.250

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-169254	date:	2020-04-08T00:00:00
db:	JVNDB	id:	JVNDB-2020-003822	date:	2020-04-24T00:00:00
db:	CNNVD	id:	CNNVD-202004-515	date:	2020-04-08T00:00:00
db:	NVD	id:	CVE-2020-1620	date:	2020-04-08T20:15:13.573