Details of VAR-202004-0947

ID

VAR-202004-0947

CVE

CVE-2020-1621

TITLE

Junos OS Evolved Vulnerability regarding information leakage from log files in

Trust: 0.8

sources: JVNDB: JVNDB-2020-003823

DESCRIPTION

A local, authenticated user with shell can obtain the hashed values of login passwords via configd traces. This issue affects all versions of Junos OS Evolved prior to 19.3R1. Junos OS Evolved Exists in a vulnerability related to information leakage from log files.Information may be obtained. Juniper Networks Junos OS is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware equipment. The operating system provides a secure programming interface and Junos SDK. This vulnerability originates from the abnormal output of log files of network systems or products

Trust: 1.71

sources: NVD: CVE-2020-1621 // JVNDB: JVNDB-2020-003823 // VULHUB: VHN-169265

AFFECTED PRODUCTS

vendor:	juniper	model:	junos os evolved	scope:	lt	version:	19.3r1	Trust: 1.0
vendor:	juniper	model:	junos os evolved	scope:	eq	version:	19.3r1	Trust: 0.8

sources: JVNDB: JVNDB-2020-003823 // NVD: CVE-2020-1621

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-1621
value:	MEDIUM
Trust: 1.0
sirt@juniper.net:	CVE-2020-1621
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2020-003823
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202004-514
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-169265
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2020-1621
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-003823
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-169265
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-1621
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 2.0
NVD:	JVNDB-2020-003823
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-169265 // JVNDB: JVNDB-2020-003823 // CNNVD: CNNVD-202004-514 // NVD: CVE-2020-1621 // NVD: CVE-2020-1621

PROBLEMTYPE DATA

problemtype:	CWE-532	Trust: 1.9
problemtype:	CWE-664	Trust: 1.0

sources: VULHUB: VHN-169265 // JVNDB: JVNDB-2020-003823 // NVD: CVE-2020-1621

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202004-514

TYPE

log information leak

Trust: 0.6

sources: CNNVD: CNNVD-202004-514

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-003823

PATCH

title:	JSA11003	url:	https://kb.juniper.net/JSA11003	Trust: 0.8
title:	Juniper Networks Junos OS Evolved Repair measures for log information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=115716	Trust: 0.6

sources: JVNDB: JVNDB-2020-003823 // CNNVD: CNNVD-202004-514

EXTERNAL IDS

db:	NVD	id:	CVE-2020-1621	Trust: 2.5
db:	JUNIPER	id:	JSA11003	Trust: 1.7
db:	JVNDB	id:	JVNDB-2020-003823	Trust: 0.8
db:	CNNVD	id:	CNNVD-202004-514	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.1271	Trust: 0.6
db:	CNVD	id:	CNVD-2020-29614	Trust: 0.1
db:	VULHUB	id:	VHN-169265	Trust: 0.1

sources: VULHUB: VHN-169265 // JVNDB: JVNDB-2020-003823 // CNNVD: CNNVD-202004-514 // NVD: CVE-2020-1621

REFERENCES

url:	https://kb.juniper.net/jsa11003	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1621	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1621	Trust: 0.8
url:	https://kb.juniper.net/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/junos-os-evolved-information-disclosure-via-log-files-31968	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1271/	Trust: 0.6

sources: VULHUB: VHN-169265 // JVNDB: JVNDB-2020-003823 // CNNVD: CNNVD-202004-514 // NVD: CVE-2020-1621

SOURCES

db:	VULHUB	id:	VHN-169265
db:	JVNDB	id:	JVNDB-2020-003823
db:	CNNVD	id:	CNNVD-202004-514
db:	NVD	id:	CVE-2020-1621

LAST UPDATE DATE

2024-08-14T12:22:01.135000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-169265	date:	2020-04-10T00:00:00
db:	JVNDB	id:	JVNDB-2020-003823	date:	2020-04-24T00:00:00
db:	CNNVD	id:	CNNVD-202004-514	date:	2020-04-13T00:00:00
db:	NVD	id:	CVE-2020-1621	date:	2020-04-10T17:45:14.557

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-169265	date:	2020-04-08T00:00:00
db:	JVNDB	id:	JVNDB-2020-003823	date:	2020-04-24T00:00:00
db:	CNNVD	id:	CNNVD-202004-514	date:	2020-04-08T00:00:00
db:	NVD	id:	CVE-2020-1621	date:	2020-04-08T20:15:13.653