CVE-2023-28978

EPSS 0.28%
Published 17.04.2023 22:15:09
Last modified 21.11.2024 07:56:19
Source sirt@juniper.net
Teams watchlist Login
Open Login

An Insecure Default Initialization of Resource vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network based attacker to read certain confidential information. In the default configuration it is possible to read confidential information about locally configured (administrative) users of the affected system. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S7-EVO on pending commit???; 21.1-EVO versions prior to 21.1R3-S4-EVO on awaiting build; 21.4-EVO versions prior to 21.4R3-S1-EVO; 22.2-EVO versions prior to 22.2R3-EVO; 21.2-EVO versions prior to 21.2R3-S5-EVO on pending commit???; 21.3-EVO version 21.3R1-EVO and later versions; 22.1-EVO version 22.1R1-EVO and later versions; 22.2-EVO versions prior to 22.2R2-S1-EVO.

Affected products Warnungen 0 Metrics 2 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Juniper ≫ Junos Os Evolved Version < 20.4

Juniper ≫ Junos Os Evolved Version20.4 Update-

Juniper ≫ Junos Os Evolved Version20.4 Updater1

Juniper ≫ Junos Os Evolved Version20.4 Updater1-s1

Juniper ≫ Junos Os Evolved Version20.4 Updater1-s2

Juniper ≫ Junos Os Evolved Version20.4 Updater2

Juniper ≫ Junos Os Evolved Version20.4 Updater2-s1

Juniper ≫ Junos Os Evolved Version20.4 Updater2-s2

Juniper ≫ Junos Os Evolved Version20.4 Updater2-s3

Juniper ≫ Junos Os Evolved Version20.4 Updater3

Juniper ≫ Junos Os Evolved Version20.4 Updater3-s1

Juniper ≫ Junos Os Evolved Version20.4 Updater3-s2

Juniper ≫ Junos Os Evolved Version20.4 Updater3-s3

Juniper ≫ Junos Os Evolved Version20.4 Updater3-s4

Juniper ≫ Junos Os Evolved Version20.4 Updater3-s5

Juniper ≫ Junos Os Evolved Version20.4 Updater3-s6

Juniper ≫ Junos Os Evolved Version21.1 Update-

Juniper ≫ Junos Os Evolved Version21.1 Updater1

Juniper ≫ Junos Os Evolved Version21.1 Updater1-s1

Juniper ≫ Junos Os Evolved Version21.1 Updater2

Juniper ≫ Junos Os Evolved Version21.1 Updater3

Juniper ≫ Junos Os Evolved Version21.1 Updater3-s1

Juniper ≫ Junos Os Evolved Version21.1 Updater3-s2

Juniper ≫ Junos Os Evolved Version21.1 Updater3-s3

Juniper ≫ Junos Os Evolved Version21.2 Update-

Juniper ≫ Junos Os Evolved Version21.2 Updater1

Juniper ≫ Junos Os Evolved Version21.2 Updater1-s1

Juniper ≫ Junos Os Evolved Version21.2 Updater1-s2

Juniper ≫ Junos Os Evolved Version21.2 Updater2

Juniper ≫ Junos Os Evolved Version21.2 Updater2-s1

Juniper ≫ Junos Os Evolved Version21.2 Updater2-s2

Juniper ≫ Junos Os Evolved Version21.2 Updater3

Juniper ≫ Junos Os Evolved Version21.2 Updater3-s1

Juniper ≫ Junos Os Evolved Version21.2 Updater3-s2

Juniper ≫ Junos Os Evolved Version21.2 Updater3-s3

Juniper ≫ Junos Os Evolved Version21.2 Updater3-s4

Juniper ≫ Junos Os Evolved Version21.3 Updater1

Juniper ≫ Junos Os Evolved Version21.3 Updater1-s1

Juniper ≫ Junos Os Evolved Version21.3 Updater2

Juniper ≫ Junos Os Evolved Version21.3 Updater2-s1

Juniper ≫ Junos Os Evolved Version21.3 Updater2-s2

Juniper ≫ Junos Os Evolved Version21.3 Updater3

Juniper ≫ Junos Os Evolved Version21.3 Updater3-s1

Juniper ≫ Junos Os Evolved Version21.3 Updater3-s2

Juniper ≫ Junos Os Evolved Version21.3 Updater3-s3

Juniper ≫ Junos Os Evolved Version21.4 Update-

Juniper ≫ Junos Os Evolved Version21.4 Updater1

Juniper ≫ Junos Os Evolved Version21.4 Updater1-s1

Juniper ≫ Junos Os Evolved Version21.4 Updater1-s2

Juniper ≫ Junos Os Evolved Version21.4 Updater2

Juniper ≫ Junos Os Evolved Version21.4 Updater2-s1

Juniper ≫ Junos Os Evolved Version21.4 Updater2-s2

Juniper ≫ Junos Os Evolved Version21.4 Updater3

Juniper ≫ Junos Os Evolved Version22.1 Updater1

Juniper ≫ Junos Os Evolved Version22.1 Updater1-s1

Juniper ≫ Junos Os Evolved Version22.1 Updater1-s2

Juniper ≫ Junos Os Evolved Version22.1 Updater2

Juniper ≫ Junos Os Evolved Version22.1 Updater2-s1

Juniper ≫ Junos Os Evolved Version22.1 Updater3

Juniper ≫ Junos Os Evolved Version22.2 Updater1

Juniper ≫ Junos Os Evolved Version22.2 Updater1-s1

Juniper ≫ Junos Os Evolved Version22.2 Updater2

Juniper ≫ Junos Os Evolved Version22.2 Updater2-s1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.28%	0.507

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
sirt@juniper.net	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-1188 Initialization of a Resource with an Insecure Default

The product initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.

https://supportportal.juniper.net/JSA70603

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-28978

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-28978

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-28978

EUVD