PT-2020-14881 · Juniper Networks · Junos

Published

2020-10-16

Updated

2020-10-27

CVE-2020-1669

CVSS v3.1

6.3

Medium

Vector

AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Juniper Networks Junos OS on NFX350 versions prior to 19.4R3 Juniper Networks Junos OS on NFX350 versions prior to 20.1R1-S4 Juniper Networks Junos OS on NFX350 versions prior to 20.1R2

Description The issue concerns the storage of password hashes in a world-readable file, /etc/passwd, within the Juniper Device Manager container. This practice allows an attacker with local filesystem access to potentially brute-force decrypt the stored password hashes.

Recommendations For versions prior to 19.4R3, update to 19.4R3 or later. For versions prior to 20.1R1-S4, update to 20.1R1-S4 or later. For versions prior to 20.1R2, update to 20.1R2 or later.

Fix

Insufficiently Protected Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-256CWE-522

Related Identifiers

CVE-2020-1669

Affected Products

Junos

PT-2020-14881 · Juniper Networks · Junos

CVE-2020-1669

Weakness Enumeration

Related Identifiers

Affected Products

References · 3