CVE-2020-1666
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
16/10/2020
Last modified:
25/10/2021
Description
The system console configuration option 'log-out-on-disconnect' In Juniper Networks Junos OS Evolved fails to log out an active CLI session when the console cable is disconnected. This could allow a malicious attacker with physical access to the console the ability to resume a previous interactive session and possibly gain administrative privileges. This issue affects all Juniper Networks Junos OS Evolved versions after 18.4R1-EVO, prior to 20.2R1-EVO.
Impact
Base Score 3.x
6.60
Severity 3.x
MEDIUM
Base Score 2.0
7.20
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:juniper:junos_os_evolved:19.2:r1:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos_os_evolved:19.2:r2:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos_os_evolved:19.3:r2:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos_os_evolved:19.4:r1:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos_os_evolved:19.4:r2:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos_os_evolved:19.4:r2-s1:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos_os_evolved:20.1:r1:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page