Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-1622

A local, authenticated user with shell can obtain the hashed values of login passwords and shared secrets via the EvoSharedObjStore. This issue affects all versions of Junos OS Evolved prior to 19.1R1.

Published

2020-04-08T20:15:13.717

Last Modified

2024-11-21T05:11:01.150

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.5 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

3.9

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-664
Type: Primary
CWE-532

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	juniper	junos_os_evolved	< 19.1r1	Yes

References

https://kb.juniper.net/JSA11003 Vendor Advisory ([email protected])
https://kb.juniper.net/JSA11003 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)