Details of VAR-202004-0949

ID

VAR-202004-0949

CVE

CVE-2020-1624

TITLE

Junos OS Evolved Vulnerability regarding information leakage from log files in

Trust: 0.8

sources: JVNDB: JVNDB-2020-003826

DESCRIPTION

A local, authenticated user with shell can obtain the hashed values of login passwords and shared secrets via raw objmon configuration files. This issue affects all versions of Junos OS Evolved prior to 19.1R1. Junos OS Evolved Exists in a vulnerability related to information leakage from log files.Information may be obtained. Juniper Networks Junos OS is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware equipment. The operating system provides a secure programming interface and Junos SDK. This vulnerability originates from the abnormal output of log files of network systems or products

Trust: 1.71

sources: NVD: CVE-2020-1624 // JVNDB: JVNDB-2020-003826 // VULHUB: VHN-169298

AFFECTED PRODUCTS

vendor:	juniper	model:	junos os evolved	scope:	lt	version:	19.1r1	Trust: 1.0
vendor:	juniper	model:	junos os evolved	scope:	eq	version:	19.1r1	Trust: 0.8

sources: JVNDB: JVNDB-2020-003826 // NVD: CVE-2020-1624

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-1624
value:	MEDIUM
Trust: 1.0
sirt@juniper.net:	CVE-2020-1624
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2020-003826
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202004-519
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-169298
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2020-1624
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-003826
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-169298
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-1624
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 2.0
NVD:	JVNDB-2020-003826
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-169298 // JVNDB: JVNDB-2020-003826 // CNNVD: CNNVD-202004-519 // NVD: CVE-2020-1624 // NVD: CVE-2020-1624

PROBLEMTYPE DATA

problemtype:

CWE-532

Trust: 1.9

sources: VULHUB: VHN-169298 // JVNDB: JVNDB-2020-003826 // NVD: CVE-2020-1624

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202004-519

TYPE

log information leak

Trust: 0.6

sources: CNNVD: CNNVD-202004-519

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-003826

PATCH

title:	JSA11003	url:	https://kb.juniper.net/JSA11003	Trust: 0.8
title:	Juniper Networks Junos OS Evolved Repair measures for log information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=115721	Trust: 0.6

sources: JVNDB: JVNDB-2020-003826 // CNNVD: CNNVD-202004-519

EXTERNAL IDS

db:	NVD	id:	CVE-2020-1624	Trust: 2.5
db:	JUNIPER	id:	JSA11003	Trust: 1.7
db:	JVNDB	id:	JVNDB-2020-003826	Trust: 0.8
db:	CNNVD	id:	CNNVD-202004-519	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.1271	Trust: 0.6
db:	VULHUB	id:	VHN-169298	Trust: 0.1

sources: VULHUB: VHN-169298 // JVNDB: JVNDB-2020-003826 // CNNVD: CNNVD-202004-519 // NVD: CVE-2020-1624

REFERENCES

url:	https://kb.juniper.net/jsa11003	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1624	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1624	Trust: 0.8
url:	https://kb.juniper.net/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/junos-os-evolved-information-disclosure-via-log-files-31968	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1271/	Trust: 0.6

sources: VULHUB: VHN-169298 // JVNDB: JVNDB-2020-003826 // CNNVD: CNNVD-202004-519 // NVD: CVE-2020-1624

SOURCES

db:	VULHUB	id:	VHN-169298
db:	JVNDB	id:	JVNDB-2020-003826
db:	CNNVD	id:	CNNVD-202004-519
db:	NVD	id:	CVE-2020-1624

LAST UPDATE DATE

2024-08-14T12:12:30.293000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-169298	date:	2020-04-10T00:00:00
db:	JVNDB	id:	JVNDB-2020-003826	date:	2020-04-24T00:00:00
db:	CNNVD	id:	CNNVD-202004-519	date:	2020-04-13T00:00:00
db:	NVD	id:	CVE-2020-1624	date:	2020-04-10T17:28:37.580

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-169298	date:	2020-04-08T00:00:00
db:	JVNDB	id:	JVNDB-2020-003826	date:	2020-04-24T00:00:00
db:	CNNVD	id:	CNNVD-202004-519	date:	2020-04-08T00:00:00
db:	NVD	id:	CVE-2020-1624	date:	2020-04-08T20:15:13.840