Sign-up

ID

VAR-202004-0951


CVE

CVE-2020-1622


TITLE

Junos OS Evolved Vulnerability regarding information leakage from log files in

Trust: 0.8

sources: JVNDB: JVNDB-2020-003824

DESCRIPTION

A local, authenticated user with shell can obtain the hashed values of login passwords and shared secrets via the EvoSharedObjStore. This issue affects all versions of Junos OS Evolved prior to 19.1R1. Junos OS Evolved Exists in a vulnerability related to information leakage from log files.Information may be obtained. Juniper Networks Junos OS is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware equipment. The operating system provides a secure programming interface and Junos SDK. This vulnerability originates from the abnormal output of log files of network systems or products

Trust: 1.8

sources: NVD: CVE-2020-1622 // JVNDB: JVNDB-2020-003824 // VULHUB: VHN-169276 // VULMON: CVE-2020-1622

AFFECTED PRODUCTS

vendor:junipermodel:junos os evolvedscope:ltversion:19.1r1

Trust: 1.0

vendor:junipermodel:junos os evolvedscope:eqversion:19.1r1

Trust: 0.8

sources: JVNDB: JVNDB-2020-003824 // NVD: CVE-2020-1622

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-1622
value: MEDIUM

Trust: 1.0

sirt@juniper.net: CVE-2020-1622
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-003824
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202004-516
value: MEDIUM

Trust: 0.6

VULHUB: VHN-169276
value: LOW

Trust: 0.1

VULMON: CVE-2020-1622
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2020-1622
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-003824
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-169276
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-1622
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: JVNDB-2020-003824
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-169276 // VULMON: CVE-2020-1622 // JVNDB: JVNDB-2020-003824 // CNNVD: CNNVD-202004-516 // NVD: CVE-2020-1622 // NVD: CVE-2020-1622

PROBLEMTYPE DATA

problemtype:CWE-532

Trust: 1.9

problemtype:CWE-664

Trust: 1.0

sources: VULHUB: VHN-169276 // JVNDB: JVNDB-2020-003824 // NVD: CVE-2020-1622

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202004-516

TYPE

log information leak

Trust: 0.6

sources: CNNVD: CNNVD-202004-516

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-003824

PATCH
title:JSA11003url:https://kb.juniper.net/JSA11003
Trust: 0.8
title:Juniper Networks Junos OS Evolved Repair measures for log information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=115718
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-003824 // 
            
            
            
            CNNVD: CNNVD-202004-516

EXTERNAL IDS
db:NVDid:CVE-2020-1622
Trust: 2.6
db:JUNIPERid:JSA11003
Trust: 1.8
db:JVNDBid:JVNDB-2020-003824
Trust: 0.8
db:CNNVDid:CNNVD-202004-516
Trust: 0.7
db:AUSCERTid:ESB-2020.1271
Trust: 0.6
db:CNVDid:CNVD-2020-29615
Trust: 0.1
db:VULHUBid:VHN-169276
Trust: 0.1
db:VULMONid:CVE-2020-1622
Trust: 0.1
sources:
            
            
            VULHUB: VHN-169276 // 
            
            
            
            VULMON: CVE-2020-1622 // 
            
            
            
            JVNDB: JVNDB-2020-003824 // 
            
            
            
            CNNVD: CNNVD-202004-516 // 
            
            
            
            NVD: CVE-2020-1622

REFERENCES
url:https://kb.juniper.net/jsa11003
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2020-1622
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1622
Trust: 0.8
url:https://kb.juniper.net/
Trust: 0.6
url:https://vigilance.fr/vulnerability/junos-os-evolved-information-disclosure-via-log-files-31968
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.1271/
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/532.html
Trust: 0.1
url:https://github.com/mount4in/security-knowledge
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-169276 // 
            
            
            
            VULMON: CVE-2020-1622 // 
            
            
            
            JVNDB: JVNDB-2020-003824 // 
            
            
            
            CNNVD: CNNVD-202004-516 // 
            
            
            
            NVD: CVE-2020-1622

SOURCES
db:VULHUBid:VHN-169276
db:VULMONid:CVE-2020-1622
db:JVNDBid:JVNDB-2020-003824
db:CNNVDid:CNNVD-202004-516
db:NVDid:CVE-2020-1622

LAST UPDATE DATE
2024-11-23T20:30:02.259000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-169276date:2020-04-10T00:00:00
db:VULMONid:CVE-2020-1622date:2020-04-10T00:00:00
db:JVNDBid:JVNDB-2020-003824date:2020-04-24T00:00:00
db:CNNVDid:CNNVD-202004-516date:2020-04-13T00:00:00
db:NVDid:CVE-2020-1622date:2024-11-21T05:11:01.150

SOURCES RELEASE DATE
db:VULHUBid:VHN-169276date:2020-04-08T00:00:00
db:VULMONid:CVE-2020-1622date:2020-04-08T00:00:00
db:JVNDBid:JVNDB-2020-003824date:2020-04-24T00:00:00
db:CNNVDid:CNNVD-202004-516date:2020-04-08T00:00:00
db:NVDid:CVE-2020-1622date:2020-04-08T20:15:13.717