CVE-2020-1669
Severity CVSS v4.0: Pending analysis
Type: CWE-522 Insufficiently Protected Credentials
Publication date: 16/10/2020
Last modified: 27/10/2020
Description
The Juniper Device Manager (JDM) container, used by the disaggregated Junos OS architecture on Juniper Networks NFX350 Series devices, stores password hashes in the world-readable file /etc/passwd. This is not a security best current practice, as it can allow an attacker with access to the local filesystem to brute-force the password hashes stored on the system. This issue affects Juniper Networks Junos OS on NFX350: 19.4 versions prior to 19.4R3; 20.1 versions prior to 20.1R1-S4, 20.1R2.
Impact
Base Score 3.x: 6.30
Severity 3.x: MEDIUM
Base Score 2.0: 2.10
Severity 2.0: LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:juniper:junos:19.4:r1:*:*:*:*:*:* | | |
| cpe:2.3:o:juniper:junos:19.4:r1-s1:*:*:*:*:*:* | | |
| cpe:2.3:o:juniper:junos:19.4:r1-s2:*:*:*:*:*:* | | |
| cpe:2.3:o:juniper:junos:19.4:r2:*:*:*:*:*:* | | |
| cpe:2.3:o:juniper:junos:20.1:r1:*:*:*:*:*:* | | |
| cpe:2.3:o:juniper:junos:20.1:r1-s1:*:*:*:*:*:* | | |
| cpe:2.3:o:juniper:junos:20.1:r1-s2:*:*:*:*:*:* | | |
| cpe:2.3:o:juniper:junos:20.1:r1-s3:*:*:*:*:*:* | | |
| cpe:2.3:h:juniper:nfx350:-:*:*:*:*:*:*:* | | |



