CVE-2020-1606

Name of the Vulnerable Software and Affected Versions Junos OS versions 12.3 prior to 12.3R12-S13 Junos OS versions 12.3X48 prior to 12.3X48-D85 Junos OS versions 14.1X53 prior to 14.1X53-D51 Junos OS versions 15.1F6 prior to 15.1F6-S13 Junos OS versions 15.1 prior to 15.1R7-S5 Junos OS versions 15.1X49 prior to 15.1X49-D180 Junos OS versions 15.1X53 prior to 15.1X53-D238 Junos OS versions 16.1 prior to 16.1R4-S13, 16.1R7-S5 Junos OS versions 16.2 prior to 16.2R2-S10 Junos OS versions 17.1 prior to 17.1R3-S1 Junos OS versions 17.2 prior to 17.2R1-S9, 17.2R3-S2 Junos OS versions 17.3 prior to 17.3R2-S5, 17.3R3-S5 Junos OS versions 17.4 prior to 17.4R2-S9, 17.4R3 Junos OS versions 18.1 prior to 18.1R3-S8 Junos OS versions 18.2 prior to 18.2R3 Junos OS versions 18.3 prior to 18.3R2-S3, 18.3R3 Junos OS versions 18.4 prior to 18.4R2 Junos OS versions 19.1 prior to 19.1R1-S4, 19.1R2

Description A path traversal issue exists in Junos OS due to incorrect restriction of directory path names with limited access. This may allow a remote attacker to read files with 'world' readable permission or delete files with 'world' writeable permission. The issue does not affect system files accessible only by the root user.

Recommendations For Junos OS versions 12.3 prior to 12.3R12-S13, update to version 12.3R12-S13 or later. For Junos OS versions 12.3X48 prior to 12.3X48-D85, update to version 12.3X48-D85 or later. For Junos OS versions 14.1X53 prior to 14.1X53-D51, update to version 14.1X53-D51 or later. For Junos OS versions 15.1F6 prior to 15.1F6-S13, update to version 15.1F6-S13 or later. For Junos OS versions 15.1 prior to 15.1R7-S5, update to version 15.1R7-S5 or later. For Junos OS versions 15.1X49 prior to 15.1X49-D180, update to version 15.1X49-D180 or later. For Junos OS versions 15.1X53 prior to 15.1X53-D238, update to version 15.1X53-D238 or later. For Junos OS versions 16.1 prior to 16.1R4-S13, 16.1R7-S5, update to version 16.1R4-S13, 16.1R7-S5 or later. For Junos OS versions 16.2 prior to 16.2R2-S10, update to version 16.2R2-S10 or later. For Junos OS versions 17.1 prior to 17.1R3-S1, update to version 17.1R3-S1 or later. For Junos OS versions 17.2 prior to 17.2R1-S9, 17.2R3-S2, update to version 17.2R1-S9, 17.2R3-S2 or later. For Junos OS versions 17.3 prior to 17.3R2-S5, 17.3R3-S5, update to version 17.3R2-S5, 17.3R3-S5 or later. For Junos OS versions 17.4 prior to 17.4R2-S9, 17.4R3, update to version 17.4R2-S9, 17.4R3 or later. For Junos OS versions 18.1 prior to 18.1R3-S8, update to version 18.1R3-S8 or later. For Junos OS versions 18.2 prior to 18.2R3, update to version 18.2R3 or later. For Junos OS versions 18.3 prior to 18.3R2-S3, 18.3R3, update to version 18.3R2-S3, 18.3R3 or later. For Junos OS versions 18.4 prior to 18.4R2, update to version 18.4R2 or later. For Junos OS versions 19.1 prior to 19.1R1-S4, 19.1R2, update to version 19.1R1-S4, 19.1R2 or later.