CVE-2020-1666

Published Oct 16, 2020

Last updated 3 years ago

CVSS medium 6.6

Overview

Description: The system console configuration option 'log-out-on-disconnect' In Juniper Networks Junos OS Evolved fails to log out an active CLI session when the console cable is disconnected. This could allow a malicious attacker with physical access to the console the ability to resume a previous interactive session and possibly gain administrative privileges. This issue affects all Juniper Networks Junos OS Evolved versions after 18.4R1-EVO, prior to 20.2R1-EVO.
Source: sirt@juniper.net
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.6
Impact score: 5.9
Exploitability score: 0.7
Vector string: CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 7.2
Impact score: 10
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-613
sirt@juniper.net: CWE-284

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:juniper:junos_os_evolved:19.2:r1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "914D6984-1820-483B-AEB9-2C5257B5E900"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_os_evolved:19.2:r2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "14C57D33-01BB-4190-B787-F5BDACE82AFD"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_os_evolved:19.3:r2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2D3C2D74-AF22-4BED-A0C5-089B5507D275"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_os_evolved:19.4:r1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "83447F3F-79A3-41DF-8FD1-31DCFCBE40A4"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_os_evolved:19.4:r2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2B14CED1-BEAF-4343-A05D-FB1E2B6AC955"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_os_evolved:19.4:r2-s1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ABB91C38-8C70-436A-83DB-42B8DF81D7D8"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.1:r1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F64FBB4B-7CBF-499B-A523-804857DEFAFA"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References