CVE-2023-28966

EPSS 0.03%
Veröffentlicht 17.04.2023 22:15:08
Zuletzt bearbeitet 21.11.2024 07:56:18
Quelle sirt@juniper.net
Teams Watchlist Login
Unerledigt Login

An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS Evolved allows a low-privileged local attacker with shell access to modify existing files or execute commands as root. The issue is caused by improper file and directory permissions on certain system files, allowing an attacker with access to these files and folders to inject CLI commands as root. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S5-EVO; 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R2-EVO.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Juniper ≫ Junos Os Evolved Version < 20.4

Juniper ≫ Junos Os Evolved Version20.4 Update-

Juniper ≫ Junos Os Evolved Version20.4 Updater1

Juniper ≫ Junos Os Evolved Version20.4 Updater1-s1

Juniper ≫ Junos Os Evolved Version20.4 Updater1-s2

Juniper ≫ Junos Os Evolved Version20.4 Updater2

Juniper ≫ Junos Os Evolved Version20.4 Updater2-s1

Juniper ≫ Junos Os Evolved Version20.4 Updater2-s2

Juniper ≫ Junos Os Evolved Version20.4 Updater2-s3

Juniper ≫ Junos Os Evolved Version20.4 Updater3

Juniper ≫ Junos Os Evolved Version20.4 Updater3-s1

Juniper ≫ Junos Os Evolved Version20.4 Updater3-s2

Juniper ≫ Junos Os Evolved Version20.4 Updater3-s3

Juniper ≫ Junos Os Evolved Version20.4 Updater3-s4

Juniper ≫ Junos Os Evolved Version21.2 Update-

Juniper ≫ Junos Os Evolved Version21.2 Updater1

Juniper ≫ Junos Os Evolved Version21.2 Updater1-s1

Juniper ≫ Junos Os Evolved Version21.2 Updater1-s2

Juniper ≫ Junos Os Evolved Version21.2 Updater2

Juniper ≫ Junos Os Evolved Version21.2 Updater2-s1

Juniper ≫ Junos Os Evolved Version21.2 Updater2-s2

Juniper ≫ Junos Os Evolved Version21.3 Update-

Juniper ≫ Junos Os Evolved Version21.3 Updater1

Juniper ≫ Junos Os Evolved Version21.3 Updater1-s1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.059

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
sirt@juniper.net	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

https://supportportal.juniper.net/JSA70590

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-28966

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-28966

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-28966

EUVD