CVE-2023-28966

EPSS 0.03%
Veröffentlicht 17.04.2023 22:15:08
Zuletzt bearbeitet 21.11.2024 07:56:18
Quelle sirt@juniper.net
CVE-Watchlists
Login
Unerledigt
Login

Junos OS Evolved: Local low-privileged user with shell access can execute CLI commands as root

An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS Evolved allows a low-privileged local attacker with shell access to modify existing files or execute commands as root. The issue is caused by improper file and directory permissions on certain system files, allowing an attacker with access to these files and folders to inject CLI commands as root. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S5-EVO; 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R2-EVO.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

NVD 24 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Juniper ≫ Junos Os Evolved Version < 20.4

Juniper ≫ Junos Os Evolved Version20.4 Update-

Juniper ≫ Junos Os Evolved Version20.4 Updater1

Juniper ≫ Junos Os Evolved Version20.4 Updater1-s1

Juniper ≫ Junos Os Evolved Version20.4 Updater1-s2

Juniper ≫ Junos Os Evolved Version20.4 Updater2

Juniper ≫ Junos Os Evolved Version20.4 Updater2-s1

Juniper ≫ Junos Os Evolved Version20.4 Updater2-s2

Juniper ≫ Junos Os Evolved Version20.4 Updater2-s3

Juniper ≫ Junos Os Evolved Version20.4 Updater3

Juniper ≫ Junos Os Evolved Version20.4 Updater3-s1

Juniper ≫ Junos Os Evolved Version20.4 Updater3-s2

Juniper ≫ Junos Os Evolved Version20.4 Updater3-s3

Juniper ≫ Junos Os Evolved Version20.4 Updater3-s4

Juniper ≫ Junos Os Evolved Version21.2 Update-

Juniper ≫ Junos Os Evolved Version21.2 Updater1

Juniper ≫ Junos Os Evolved Version21.2 Updater1-s1

Juniper ≫ Junos Os Evolved Version21.2 Updater1-s2

Juniper ≫ Junos Os Evolved Version21.2 Updater2

Juniper ≫ Junos Os Evolved Version21.2 Updater2-s1

Juniper ≫ Junos Os Evolved Version21.2 Updater2-s2

Juniper ≫ Junos Os Evolved Version21.3 Update-

Juniper ≫ Junos Os Evolved Version21.3 Updater1

Juniper ≫ Junos Os Evolved Version21.3 Updater1-s1

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.088

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
sirt@juniper.net	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

https://supportportal.juniper.net/JSA70590

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-28966

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-28966

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-28966

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-28966