- Description
- An Improper Physical Access Control vulnerability in the console port control of Juniper Networks Junos OS Evolved allows an attacker with physical access to the device to get access to a user account. When the console cable is disconnected, the logged in user is not logged out. This allows a malicious attacker with physical access to the console to resume a previous session and possibly gain administrative privileges. This issue affects Junos OS Evolved: * from 23.2R2-EVO before 23.2R2-S1-EVO, * from 23.4R1-EVO before 23.4R2-EVO.
- Source
- sirt@juniper.net
- NVD status
- Analyzed
CVSS 4.0
- Type
- Secondary
- Base score
- 7
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
CVSS 3.1
- Type
- Secondary
- Base score
- 6.6
- Impact score
- 5.9
- Exploitability score
- 0.7
- Vector string
- CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- MEDIUM
- sirt@juniper.net
- CWE-1263
- nvd@nist.gov
- NVD-CWE-Other
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:23.2:r2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A4BB6910-B994-45FD-8153-5EC00EE842E6"
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:23.4:r1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FE777A1F-9CD9-426E-AF1C-FBE01EB9A4A8"
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:23.4:r1-s1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7147BA60-30A5-4CED-9AAF-F6BEA0528B89"
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:23.4:r1-s2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6E5CE59B-14B2-4F4C-81B5-0430EC954956"
}
],
"operator": "OR"
}
]
}
]