CVE-2023-44201

Published Oct 13, 2023
Last updated a year ago
CVSS medium 5.5
Overview

Description: An Incorrect Permission Assignment for Critical Resource vulnerability in a specific file of Juniper Networks Junos OS and Junos OS Evolved allows a local authenticated attacker to read configuration changes without having the permissions. When a user with the respective permissions commits a configuration change, a specific file is created. That file is readable even by users with no permissions to access the configuration. This can lead to privilege escalation as the user can read the password hash when a password change is being committed. This issue affects: Juniper Networks Junos OS * All versions prior to 20.4R3-S4; * 21.1 versions prior to 21.1R3-S4; * 21.2 versions prior to 21.2R3-S2; * 21.3 versions prior to 21.3R2-S2, 21.3R3-S1; * 21.4 versions prior to 21.4R2-S1, 21.4R3. Juniper Networks Junos OS Evolved * All versions prior to 20.4R3-S4-EVO; * 21.1 versions prior to 21.1R3-S2-EVO; * 21.2 versions prior to 21.2R3-S2-EVO; * 21.3 versions prior to 21.3R3-S1-EVO; * 21.4 versions prior to 21.4R2-S2-EVO.
Source: sirt@juniper.net
NVD status: Analyzed
Risk scores

CVSS 3.1

Type: Primary
Base score: 5.5
Impact score: 3.6
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM
Weaknesses

nvd@nist.gov: CWE-732
sirt@juniper.net: CWE-732
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E3A96966-5060-4139-A124-D4E2C879FD6C",
            "versionEndExcluding": "20.4"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:20.4:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3D361B23-A3C2-444B-BEB8-E231DA950567"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:20.4:r1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "20DDC6B7-BFC4-4F0B-8E68-442C23765BF2"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:20.4:r1-s1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "037BA01C-3F5C-4503-A633-71765E9EF774"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:20.4:r2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C54B047C-4B38-40C0-9855-067DCF7E48BD"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "38984199-E332-4A9C-A4C0-78083D052E15"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AA6526FB-2941-4D18-9B2E-472AD5A62A53"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:20.4:r3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "09876787-A40A-4340-9C12-8628C325353B"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "41615104-C17E-44DA-AB0D-6E2053BD4EF4"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1981DE38-36B5-469D-917E-92717EE3ED53"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AFA68ACD-AAE5-4577-B734-23AAF77BC85A"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:21.1:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6FDB5B7D-FB37-47E3-8678-B9ED578CCA5F"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:21.1:r1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "625BA7E6-D2AD-4A48-9B94-24328BE5B06A"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:21.1:r1-s1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F462F4E3-762C-429F-8D25-5521100DD37C"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:21.1:r2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C0BC9DAC-D6B5-4C5E-8C73-6E550D9A30F5"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:21.1:r2-s1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "689FE1AE-7A85-4FB6-AB02-E732F23581B6"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:21.1:r2-s2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "79E56DAC-75AD-4C81-9835-634B40C15DA6"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:21.1:r3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A0040FE2-7ECD-4755-96CE-E899BA298E0C"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "076AB086-BB79-4583-AAF7-A5233DFB2F95"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "72E2DDF6-01DF-4880-AB60-B3DA3281E88D"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "54010163-0810-4CF5-95FE-7E62BC6CA4F9"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "216E7DDE-453D-481F-92E2-9F8466CDDA3F"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:21.2:r1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A52AF794-B36B-43A6-82E9-628658624B0A"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3998DC76-F72F-4452-9150-652140B113EB"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "36ED4552-2420-45F9-B6E4-6DA2B2B12870"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:21.2:r2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C28A14E7-7EA0-4757-9764-E39A27CFDFA5"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4A43752D-A4AF-4B4E-B95B-192E42883A5B"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "42986538-E9D0-4C2E-B1C4-A763A4EE451B"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:21.2:r3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DE22CA01-EA7E-4EE5-B59F-EE100688C1DA"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E596ABD9-6ECD-48DC-B770-87B7E62EA345"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:21.3:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2E7D597D-F6B6-44C3-9EBC-4FA0686ACB5C"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:21.3:r1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CC78A4CB-D617-43FC-BB51-287D2D0C44ED"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "30FF67F8-1E3C-47A8-8859-709B3614BA6E"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0C7C507E-C85E-4BC6-A3B0-549516BAB524"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:21.3:r2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6514CDE8-35DC-469F-89A3-078684D18F7A"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4624565D-8F59-44A8-B7A8-01AD579745E7"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "79ED3CE8-CC57-43AB-9A26-BBC87816062D"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4310D2D9-A8A6-48F8-9384-0A0692A1E1C3"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9962B01C-C57C-4359-9532-676AB81CE8B0"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "62178549-B679-4902-BFDB-2993803B7FCE"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:21.4:r2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9AD697DF-9738-4276-94ED-7B9380CD09F5"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0F41A7DF-2B27-4E2E-ABFC-E0510A028199",
            "versionEndExcluding": "20.4"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "247FB9DF-7EC0-4298-B27C-3235D141C1D6"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C9C8866D-162F-4C9B-8167-2FBA25410368"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1-s1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F85E5BC7-8607-4330-AA72-2273D32F8604"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1-s2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "878C81C9-A418-4A21-8FDB-2116A992679C"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7451A671-A3CC-4904-8D45-947B1D3783C9"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0108AD20-EAE6-41D1-AE48-254C46B5388A"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "44FBCA6F-EB05-4EE4-85FD-944BDAF7D81B"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E554FD12-FE69-44D1-B2C9-4382F8CA4456"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E0C1D53E-70BE-4246-89ED-1074C8C70747"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B39DDCF8-BB68-49F4-8AAF-AE25C9C13AC1"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B38A90A9-B739-49BE-8845-9ABF846CCC5D"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AAE56A7C-BA26-405F-A640-C43AF78B0A3B"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "683D8EED-9F26-41E7-B69C-FE198225A8F2"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8979C85C-87DD-42B1-9CCC-BC3F7007C600"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5BDD5111-1BC2-456B-8A31-F2D252DF613C"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "89B9BF7C-525C-4819-B80D-9B5F240F9878"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "52C3552E-798F-4719-B38D-F74E34EAAA40"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AE674DD3-3590-4434-B144-5AD7EB5F039D"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r1-s1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0099BDA9-9D4B-4D6C-8234-EFD9E8C63476"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D8729BC1-FB09-4E6D-A5D5-8BDC589555B6"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9D72C3DF-4513-48AC-AAED-C1AADF0794E1"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r3-s1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8C583289-96C4-4451-A320-14CA1C390819"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "620B0CDD-5566-472E-B96A-31D2C12E3120"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3EA3DC63-B290-4D15-BEF9-21DEF36CA2EA"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7E1E57AF-979B-4022-8AD6-B3558E06B718"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "144730FB-7622-4B3D-9C47-D1B7A7FB7EB0"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7BA246F0-154E-4F44-A97B-690D22FA73DD"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "25D6C07C-F96E-4523-BB54-7FEABFE1D1ED"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2B70C784-534B-4FAA-A5ED-3709656E2B97"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "60448FFB-568E-4280-9261-ADD65244F31A"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2B770C52-7E3E-4B92-9138-85DEC56F3B22"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4EC38173-44AB-43D5-8C27-CB43AD5E0B2E"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5A4DD04A-DE52-46BE-8C34-8DB47F7500F0"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r1-s1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FEE0E145-8E1C-446E-90ED-237E3B9CAF47"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0F26369D-21B2-4C6A-98C1-492692A61283"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2-s1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "24003819-1A6B-4BDF-B3DF-34751C137788"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2-s2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BF8D332E-9133-45B9-BB07-B33C790F737A"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3E2A4377-D044-4E43-B6CC-B753D7F6ABD4"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2E907193-075E-45BC-9257-9607DB790D71"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8B73A41D-3FF5-4E53-83FF-74DF58E0D6C3"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CEDF46A8-FC3A-4779-B695-2CA11D045AEB"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "39809219-9F87-4583-9DAD-9415DD320B36"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DB299492-A919-4EBA-A62A-B3CF02FC0A95"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "74ED0939-D5F8-4334-9838-40F29DE3597F"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References
