Details of VAR-202004-0948

ID

VAR-202004-0948

CVE

CVE-2020-1623

TITLE

Junos OS Evolved Vulnerability regarding information leakage from log files in

Trust: 0.8

sources: JVNDB: JVNDB-2020-003825

DESCRIPTION

A local, authenticated user with shell can view sensitive configuration information via the ev.ops configuration file. This issue affects all versions of Junos OS Evolved prior to 19.2R1. Junos OS Evolved Exists in a vulnerability related to information leakage from log files.Information may be obtained. Juniper Networks Junos OS is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware equipment. The operating system provides a secure programming interface and Junos SDK. This vulnerability originates from the abnormal output of log files of network systems or products

Trust: 1.71

sources: NVD: CVE-2020-1623 // JVNDB: JVNDB-2020-003825 // VULHUB: VHN-169287

AFFECTED PRODUCTS

vendor:	juniper	model:	junos os evolved	scope:	lt	version:	19.2r1	Trust: 1.0
vendor:	juniper	model:	junos os evolved	scope:	eq	version:	19.1r1	Trust: 0.8

sources: JVNDB: JVNDB-2020-003825 // NVD: CVE-2020-1623

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-1623
value:	MEDIUM
Trust: 1.0
sirt@juniper.net:	CVE-2020-1623
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2020-003825
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202004-517
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-169287
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2020-1623
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-003825
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-169287
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-1623
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 2.0
NVD:	JVNDB-2020-003825
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-169287 // JVNDB: JVNDB-2020-003825 // CNNVD: CNNVD-202004-517 // NVD: CVE-2020-1623 // NVD: CVE-2020-1623

PROBLEMTYPE DATA

problemtype:

CWE-532

Trust: 1.9

sources: VULHUB: VHN-169287 // JVNDB: JVNDB-2020-003825 // NVD: CVE-2020-1623

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202004-517

TYPE

log information leak

Trust: 0.6

sources: CNNVD: CNNVD-202004-517

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-003825

PATCH

title:	JSA11003	url:	https://kb.juniper.net/JSA11003	Trust: 0.8
title:	Juniper Networks Junos OS Evolved Repair measures for log information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=115719	Trust: 0.6

sources: JVNDB: JVNDB-2020-003825 // CNNVD: CNNVD-202004-517

EXTERNAL IDS

db:	NVD	id:	CVE-2020-1623	Trust: 2.5
db:	JUNIPER	id:	JSA11003	Trust: 1.7
db:	JVNDB	id:	JVNDB-2020-003825	Trust: 0.8
db:	CNNVD	id:	CNNVD-202004-517	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.1271	Trust: 0.6
db:	CNVD	id:	CNVD-2020-29616	Trust: 0.1
db:	VULHUB	id:	VHN-169287	Trust: 0.1

sources: VULHUB: VHN-169287 // JVNDB: JVNDB-2020-003825 // CNNVD: CNNVD-202004-517 // NVD: CVE-2020-1623

REFERENCES

url:	https://kb.juniper.net/jsa11003	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1623	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1623	Trust: 0.8
url:	https://kb.juniper.net/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/junos-os-evolved-information-disclosure-via-log-files-31968	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1271/	Trust: 0.6

sources: VULHUB: VHN-169287 // JVNDB: JVNDB-2020-003825 // CNNVD: CNNVD-202004-517 // NVD: CVE-2020-1623

SOURCES

db:	VULHUB	id:	VHN-169287
db:	JVNDB	id:	JVNDB-2020-003825
db:	CNNVD	id:	CNNVD-202004-517
db:	NVD	id:	CVE-2020-1623

LAST UPDATE DATE

2024-11-23T19:28:21.685000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-169287	date:	2020-04-10T00:00:00
db:	JVNDB	id:	JVNDB-2020-003825	date:	2020-04-24T00:00:00
db:	CNNVD	id:	CNNVD-202004-517	date:	2020-04-13T00:00:00
db:	NVD	id:	CVE-2020-1623	date:	2024-11-21T05:11:01.290

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-169287	date:	2020-04-08T00:00:00
db:	JVNDB	id:	JVNDB-2020-003825	date:	2020-04-24T00:00:00
db:	CNNVD	id:	CNNVD-202004-517	date:	2020-04-08T00:00:00
db:	NVD	id:	CVE-2020-1623	date:	2020-04-08T20:15:13.793