CVE-2020-1666

Published: Oct 16, 2020Modified: Nov 21, 2024

6.6

Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 0.7 / Impact: 5.9

Source: sirt@juniper.net (Secondary)

Description

The system console configuration option 'log-out-on-disconnect' In Juniper Networks Junos OS Evolved fails to log out an active CLI session when the console cable is disconnected. This could allow a malicious attacker with physical access to the console the ability to resume a previous interactive session and possibly gain administrative privileges. This issue affects all Juniper Networks Junos OS Evolved versions after 18.4R1-EVO, prior to 20.2R1-EVO.

Affected (7)

Products: Juniper: Junos Os Evolved

Juniper

1 product

Junos Os Evolved

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Juniper Junos Os Evolved	Version 19.2 r1
Juniper Junos Os Evolved	Version 19.2 r2
Juniper Junos Os Evolved	Version 19.3 r2
Juniper Junos Os Evolved	Version 19.4 r1
Juniper Junos Os Evolved	Version 19.4 r2-s1
Juniper Junos Os Evolved	Version 19.4 r2
Juniper Junos Os Evolved	Version 20.1 r1

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CWE-613

Insufficient Session Expiration

According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."

References (2)

https://kb.juniper.net/JSA11063

Source: sirt@juniper.net

Vendor Advisory

https://kb.juniper.net/JSA11063

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.