"value":"An Exposure of Sensitive Information vulnerability in the 'file copy' command of Junos OS Evolved allows a local, authenticated attacker with shell access to view passwords supplied on the CLI command-line. These credentials can then be used to provide unauthorized access to the remote system.\n\nThis issue affects Juniper Networks Junos OS Evolved:\n * All versions prior to 20.4R3-S7-EVO;\n * 21.1 versions 21.1R1-EVO and later;\n * 21.2 versions prior to 21.2R3-S5-EVO;\n * 21.3 versions prior to 21.3R3-S4-EVO;\n * 21.4 versions prior to 21.4R3-S4-EVO;\n * 22.1 versions prior to 22.1R3-S2-EVO;\n * 22.2 versions prior to 22.2R2-EVO.\n\n\n"
}
]
},
"problemtype":{
"problemtype_data":[
{
"description":[
{
"lang":"eng",
"value":"CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"value":"<p>Restrict Junos OS Evolved shell access to trusted users only.</p><p>Avoid or disallow the use of the 'file copy' command.</p>"
}
],
"value":"Restrict Junos OS Evolved shell access to trusted users only.\n\nAvoid or disallow the use of the 'file copy' command.\n\n"
}
],
"exploit":[
{
"lang":"en",
"supportingMedia":[
{
"base64":false,
"type":"text/html",
"value":"<p>Juniper SIRT is not aware of any malicious exploitation of this vulnerability.</p>"
}
],
"value":"Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n\n"
}
],
"solution":[
{
"lang":"en",
"supportingMedia":[
{
"base64":false,
"type":"text/html",
"value":"<p>The following software releases have been updated to resolve this specific issue: Junos OS Evolved 20.4R3-S7-EVO, 21.2R3-S5-EVO, 21.3R3-S4-EVO, 21.4R3-S4-EVO, 22.1R3-S2-EVO, 22.2R2-EVO, 22.3R1-EVO, and all subsequent releases.</p>"
}
],
"value":"The following software releases have been updated to resolve this specific issue: Junos OS Evolved 20.4R3-S7-EVO, 21.2R3-S5-EVO, 21.3R3-S4-EVO, 21.4R3-S4-EVO, 22.1R3-S2-EVO, 22.2R2-EVO, 22.3R1-EVO, and all subsequent releases.\n\n"
