2023-04-24 12:24:31 +02:00
{
"id" : "CVE-2023-28966" ,
"sourceIdentifier" : "sirt@juniper.net" ,
"published" : "2023-04-17T22:15:08.817" ,
2023-04-27 22:00:28 +02:00
"lastModified" : "2023-04-27T18:12:45.973" ,
"vulnStatus" : "Analyzed" ,
2024-07-14 02:06:08 +00:00
"cveTags" : [ ] ,
2023-04-24 12:24:31 +02:00
"descriptions" : [
{
"lang" : "en" ,
"value" : "An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS Evolved allows a low-privileged local attacker with shell access to modify existing files or execute commands as root. The issue is caused by improper file and directory permissions on certain system files, allowing an attacker with access to these files and folders to inject CLI commands as root. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S5-EVO; 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R2-EVO."
}
] ,
"metrics" : {
"cvssMetricV31" : [
{
"source" : "sirt@juniper.net" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" ,
"attackVector" : "LOCAL" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "LOW" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "HIGH" ,
"availabilityImpact" : "HIGH" ,
"baseScore" : 7.8 ,
"baseSeverity" : "HIGH"
} ,
"exploitabilityScore" : 1.8 ,
"impactScore" : 5.9
}
]
} ,
"weaknesses" : [
{
"source" : "sirt@juniper.net" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-276"
}
]
}
] ,
2023-04-27 22:00:28 +02:00
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "20.4" ,
"matchCriteriaId" : "0F41A7DF-2B27-4E2E-ABFC-E0510A028199"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos_os_evolved:20.4:-:*:*:*:*:*:*" ,
"matchCriteriaId" : "247FB9DF-7EC0-4298-B27C-3235D141C1D6"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1:*:*:*:*:*:*" ,
"matchCriteriaId" : "C9C8866D-162F-4C9B-8167-2FBA25410368"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1-s1:*:*:*:*:*:*" ,
"matchCriteriaId" : "F85E5BC7-8607-4330-AA72-2273D32F8604"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1-s2:*:*:*:*:*:*" ,
"matchCriteriaId" : "878C81C9-A418-4A21-8FDB-2116A992679C"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2:*:*:*:*:*:*" ,
"matchCriteriaId" : "7451A671-A3CC-4904-8D45-947B1D3783C9"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s1:*:*:*:*:*:*" ,
"matchCriteriaId" : "0108AD20-EAE6-41D1-AE48-254C46B5388A"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s2:*:*:*:*:*:*" ,
"matchCriteriaId" : "44FBCA6F-EB05-4EE4-85FD-944BDAF7D81B"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s3:*:*:*:*:*:*" ,
"matchCriteriaId" : "E554FD12-FE69-44D1-B2C9-4382F8CA4456"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3:*:*:*:*:*:*" ,
"matchCriteriaId" : "E0C1D53E-70BE-4246-89ED-1074C8C70747"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s1:*:*:*:*:*:*" ,
"matchCriteriaId" : "B39DDCF8-BB68-49F4-8AAF-AE25C9C13AC1"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s2:*:*:*:*:*:*" ,
"matchCriteriaId" : "B38A90A9-B739-49BE-8845-9ABF846CCC5D"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s3:*:*:*:*:*:*" ,
"matchCriteriaId" : "AAE56A7C-BA26-405F-A640-C43AF78B0A3B"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s4:*:*:*:*:*:*" ,
"matchCriteriaId" : "683D8EED-9F26-41E7-B69C-FE198225A8F2"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos_os_evolved:21.2:-:*:*:*:*:*:*" ,
"matchCriteriaId" : "620B0CDD-5566-472E-B96A-31D2C12E3120"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1:*:*:*:*:*:*" ,
"matchCriteriaId" : "3EA3DC63-B290-4D15-BEF9-21DEF36CA2EA"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s1:*:*:*:*:*:*" ,
"matchCriteriaId" : "7E1E57AF-979B-4022-8AD6-B3558E06B718"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s2:*:*:*:*:*:*" ,
"matchCriteriaId" : "144730FB-7622-4B3D-9C47-D1B7A7FB7EB0"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2:*:*:*:*:*:*" ,
"matchCriteriaId" : "7BA246F0-154E-4F44-A97B-690D22FA73DD"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s1:*:*:*:*:*:*" ,
"matchCriteriaId" : "25D6C07C-F96E-4523-BB54-7FEABFE1D1ED"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s2:*:*:*:*:*:*" ,
"matchCriteriaId" : "2B70C784-534B-4FAA-A5ED-3709656E2B97"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos_os_evolved:21.3:-:*:*:*:*:*:*" ,
"matchCriteriaId" : "4EC38173-44AB-43D5-8C27-CB43AD5E0B2E"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos_os_evolved:21.3:r1:*:*:*:*:*:*" ,
"matchCriteriaId" : "5A4DD04A-DE52-46BE-8C34-8DB47F7500F0"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos_os_evolved:21.3:r1-s1:*:*:*:*:*:*" ,
"matchCriteriaId" : "FEE0E145-8E1C-446E-90ED-237E3B9CAF47"
}
]
}
]
}
] ,
2023-04-24 12:24:31 +02:00
"references" : [
{
"url" : "https://supportportal.juniper.net/JSA70590" ,
2023-04-27 22:00:28 +02:00
"source" : "sirt@juniper.net" ,
"tags" : [
"Vendor Advisory"
]
2023-04-24 12:24:31 +02:00
}
]
}
