CVE-2020-1669

Published Oct 16, 2020

Last updated 4 years ago

CVSS medium 6.3

Overview

Description: The Juniper Device Manager (JDM) container, used by the disaggregated Junos OS architecture on Juniper Networks NFX350 Series devices, stores password hashes in the world-readable file /etc/passwd. This is not a security best current practice as it can allow an attacker with access to the local filesystem the ability to brute-force decrypt password hashes stored on the system. This issue affects Juniper Networks Junos OS on NFX350: 19.4 versions prior to 19.4R3; 20.1 versions prior to 20.1R1-S4, 20.1R2.
Source: sirt@juniper.net
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.3
Impact score: 5.2
Exploitability score: 1
Vector string: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 2.1
Impact score: 2.9
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-522
sirt@juniper.net: CWE-256

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:juniper:nfx350:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6CB56048-A486-4A46-B438-CC3084BD9CB6"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:juniper:junos:19.4:r1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DC743EE4-8833-452A-94DB-655BF139F883"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:19.4:r1-s1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FE96A8EA-FFE3-4D8F-9266-21899149D634"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:19.4:r1-s2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C12A75C6-2D00-4202-B861-00FF71585FA0"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:19.4:r2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4DCFA774-96EF-4018-82CF-95C807025C24"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:20.1:r1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8328FDE6-9707-4142-B905-3B07C0E28E35"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:20.1:r1-s1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "41CD982F-E6F2-4951-9F96-A76C142DF08E"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:20.1:r1-s2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "19FDC05F-5582-4F7E-B628-E58A3C0E7F2F"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:20.1:r1-s3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "401306D1-E9CE-49C6-8DC9-0E8747B9DC2C"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References