CVE-2020-1669
CVSS V2 Low 2.1
CVSS V3 Medium 6.3
Description
The Juniper Device Manager (JDM) container, used by the disaggregated Junos OS architecture on Juniper Networks NFX350 Series devices, stores password hashes in the world-readable file /etc/passwd. This is not a security best current practice as it can allow an attacker with access to the local filesystem the ability to brute-force decrypt password hashes stored on the system. This issue affects Juniper Networks Junos OS on NFX350: 19.4 versions prior to 19.4R3; 20.1 versions prior to 20.1R1-S4, 20.1R2.
Overview
- CVE ID
- CVE-2020-1669
- Assigner
- sirt@juniper.net
- Vulnerability Status
- Analyzed
- Published Version
- 2020-10-16T21:15:12
- Last Modified Date
- 2020-10-27T18:41:16
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| AND | ||||
| cpe:2.3:o:juniper:junos:19.4:r1:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:juniper:junos:19.4:r1-s1:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:juniper:junos:19.4:r1-s2:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:juniper:junos:19.4:r2:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:juniper:junos:20.1:r1:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:juniper:junos:20.1:r1-s1:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:juniper:junos:20.1:r1-s2:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:juniper:junos:20.1:r1-s3:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:juniper:nfx350:-:*:*:*:*:*:*:* | 0 | OR |
CVSS Version 2
- Version
- 2.0
- Vector String
- AV:L/AC:L/Au:N/C:P/I:N/A:N
- Access Vector
- LOCAL
- Access Compatibility
- LOW
- Authentication
- NONE
- Confidentiality Impact
- PARTIAL
- Integrity Impact
- NONE
- Availability Impact
- NONE
- Base Score
- 2.1
- Severity
- LOW
- Exploitability Score
- 3.9
- Impact Score
- 2.9
CVSS Version 3
- Version
- 3.1
- Vector String
- CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
- Attack Vector
- LOCAL
- Attack Compatibility
- HIGH
- Privileges Required
- LOW
- User Interaction
- NONE
- Scope
- UNCHANGED
- Confidentiality Impact
- HIGH
- Availability Impact
- NONE
- Base Score
- 6.3
- Base Severity
- MEDIUM
- Exploitability Score
- 1
- Impact Score
- 5.2
References
| Reference URL | Reference Tags |
|---|---|
| https://kb.juniper.net/JSA11066 | Vendor Advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2020-1669 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1669 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-05-10 16:22:00 | Added to TrackCVE | |||
| 2022-12-05 00:15:58 | 2020-10-16T21:15Z | 2020-10-16T21:15:12 | CVE Published Date | updated |
| 2022-12-05 00:15:58 | 2020-10-27T18:41:16 | CVE Modified Date | updated | |
| 2022-12-05 00:15:58 | Analyzed | Vulnerability Status | updated |