admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2020/1xxx/CVE-2020-1606.json
CVE Team 8a71b1a0fd
"-Synchronized-Data."
2020-01-15 09:01:17 +00:00

216 lines
11 KiB
JSON
Raw Blame History

{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-01-08T17:00:00.000Z",
"ID": "CVE-2020-1606",
"STATE": "PUBLIC",
"TITLE": "Junos OS: Path traversal vulnerability in J-Web"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "12.3",
"version_value": "12.3R12-S13"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "12.3X48",
"version_value": "12.3X48-D85"
},
{
"version_affected": "<",
"version_name": "14.1X53",
"version_value": "14.1X53-D51"
},
{
"version_affected": "<",
"version_name": "15.1F6",
"version_value": "15.1F6-S13"
},
{
"version_affected": "<",
"version_name": "15.1",
"version_value": "15.1R7-S5"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "15.1X49",
"version_value": "15.1X49-D180"
},
{
"platform": "QFX5200/QFX5110 Series",
"version_affected": "<",
"version_name": "15.1X53",
"version_value": "15.1X53-D238"
},
{
"platform": "EX2300/EX3400 Series",
"version_affected": "<",
"version_name": "15.1X53",
"version_value": "15.1X53-D592"
},
{
"version_affected": "<",
"version_name": "16.1",
"version_value": "16.1R4-S13, 16.1R7-S5"
},
{
"version_affected": "<",
"version_name": "16.2",
"version_value": "16.2R2-S10"
},
{
"version_affected": "<",
"version_name": "17.1",
"version_value": "17.1R3-S1"
},
{
"version_affected": "<",
"version_name": "17.2",
"version_value": "17.2R1-S9, 17.2R3-S2"
},
{
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3R2-S5, 17.3R3-S5"
},
{
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R2-S9, 17.4R3"
},
{
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R3-S8"
},
{
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R3"
},
{
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R2-S3, 18.3R3"
},
{
"version_affected": "<",
"version_name": "18.4",
"version_value": "18.4R2"
},
{
"version_affected": "<",
"version_name": "19.1",
"version_value": "19.1R1-S4, 19.1R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "This issue requires J-Web to be enabled on the device.\n\nThe examples of the config stanza affected by this issue:\n [system services web-management http]\n [system services web-management https]"
}
],
"credit": [
{
"lang": "eng",
"value": "Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A path traversal vulnerability in the Juniper Networks Junos OS device may allow an authenticated J-web user to read files with 'world' readable permission and delete files with 'world' writeable permission. This issue does not affect system files that can be accessed only by root user. This issue affects Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S13; 12.3X48 versions prior to 12.3X48-D85 on SRX Series; 14.1X53 versions prior to 14.1X53-D51; 15.1F6 versions prior to 15.1F6-S13; 15.1 versions prior to 15.1R7-S5; 15.1X49 versions prior to 15.1X49-D180 on SRX Series; 15.1X53 versions prior to 15.1X53-D238 on QFX5200/QFX5110 Series; 16.1 versions prior to 16.1R4-S13, 16.1R7-S5; 16.2 versions prior to 16.2R2-S10; 17.1 versions prior to 17.1R3-S1; 17.2 versions prior to 17.2R1-S9, 17.2R3-S2; 17.3 versions prior to 17.3R2-S5, 17.3R3-S5; 17.4 versions prior to 17.4R2-S9, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R2-S3, 18.3R3; 18.4 versions prior to 18.4R2; 19.1 versions prior to 19.1R1-S4, 19.1R2."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10985",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10985"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 12.3R12-S13, 12.3X48-D85, 14.1X53-D51, 15.1F6-S13, 15.1R7-S5, 15.1X49-D180, 15.1X53-D238, 16.1R4-S13, 16.1R7-S5, 16.2R2-S10, 17.1R3-S1, 17.2R1-S9, 17.2R3-S2, 17.3R2-S5, 17.3R3-S5, 17.4R2-S9, 17.4R3, 18.1R3-S8, 18.2R3, 18.3R2-S3, 18.3R3, 18.4R2, 19.1R1-S4, 19.1R2, 19.2R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA10985",
"defect": [
"1431298"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "Limit access to the J-Web interface to only trusted users to reduce risks of exploitation of this vulnerability."
}
]
}
Reference in New Issue View Git Blame Copy Permalink