← Back

CVE-2020-1688

nvd nist
Published: Oct 16, 2020Modified: Nov 21, 2024

JSON object

Loading...
6.5
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Exploitability: 2.0 / Impact: 4.0
Source: sirt@juniper.net (Secondary)

Description

On Juniper Networks SRX Series and NFX Series, a local authenticated user with access to the shell may obtain the Web API service private key that is used to provide encrypted communication between the Juniper device and the authenticator services. Exploitation of this vulnerability may allow an attacker to decrypt the communications between the Juniper device and the authenticator service. This Web API service is used for authentication services such as the Juniper Identity Management Service, used to obtain user identity for Integrated User Firewall feature, or the integrated ClearPass authentication and enforcement feature. This issue affects Juniper Networks Junos OS on Networks SRX Series and NFX Series: 12.3X48 versions prior to 12.3X48-D105; 15.1X49 versions prior to 15.1X49-D190; 16.1 versions prior to 16.1R7-S8; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S11, 17.4R3; 18.1 versions prior to 18.1R3-S7; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R2-S4, 18.3R3; 18.4 versions prior to 18.4R1-S7, 18.4R2; 19.1 versions prior to 19.1R2; 19.2 versions prior to 19.2R1-S4, 19.2R2.

Affected (171)

Products: Juniper: Junos
Juniper
1 product
Junos
Configuration A
171 vulnerable · 16 platform
Vulnerable SoftwareAffected Versions
Juniper
Junos
Version 12.3x48
Junos
Version 12.3x48 d100
Junos
Version 12.3x48 d10
Junos
Version 12.3x48 d15
Junos
Version 12.3x48 d20
Junos
Version 12.3x48 d25
Junos
Version 12.3x48 d30
Junos
Version 12.3x48 d35
Junos
Version 12.3x48 d40
Junos
Version 12.3x48 d45
Junos
Version 12.3x48 d50
Junos
Version 12.3x48 d51
Junos
Version 12.3x48 d55
Junos
Version 12.3x48 d60
Junos
Version 12.3x48 d65
Junos
Version 12.3x48 d70
Junos
Version 12.3x48 d75
Junos
Version 12.3x48 d80
Junos
Version 12.3x48 d90
Junos
Version 12.3x48 d95
Junos
Version 15.1x49
Junos
Version 15.1x49 d100
Junos
Version 15.1x49 d10
Junos
Version 15.1x49 d110
Junos
Version 15.1x49 d120
Junos
Version 15.1x49 d130
Junos
Version 15.1x49 d140
Junos
Version 15.1x49 d150
Junos
Version 15.1x49 d15
Junos
Version 15.1x49 d160
Junos
Version 15.1x49 d170
Junos
Version 15.1x49 d180
Junos
Version 15.1x49 d20
Junos
Version 15.1x49 d25
Junos
Version 15.1x49 d30
Junos
Version 15.1x49 d35
Junos
Version 15.1x49 d40
Junos
Version 15.1x49 d45
Junos
Version 15.1x49 d50
Junos
Version 15.1x49 d55
Junos
Version 15.1x49 d60
Junos
Version 15.1x49 d65
Junos
Version 15.1x49 d70
Junos
Version 15.1x49 d75
Junos
Version 15.1x49 d80
Junos
Version 15.1x49 d90
Junos
Version 16.1
Junos
Version 16.1 r1
Junos
Version 16.1 r2
Junos
Version 16.1 r3-s10
Junos
Version 16.1 r3-s11
Junos
Version 16.1 r3
Junos
Version 16.1 r4-s12
Junos
Version 16.1 r4-s2
Junos
Version 16.1 r4-s3
Junos
Version 16.1 r4-s4
Junos
Version 16.1 r4-s6
Junos
Version 16.1 r4
Junos
Version 16.1 r5-s4
Junos
Version 16.1 r5
Junos
Version 16.1 r6-s1
Junos
Version 16.1 r6-s6
Junos
Version 16.1 r7-s2
Junos
Version 16.1 r7-s3
Junos
Version 16.1 r7-s4
Junos
Version 16.1 r7-s5
Junos
Version 16.1 r7-s6
Junos
Version 16.1 r7-s7
Junos
Version 16.1 r7
Junos
Version 17.2
Junos
Version 17.2 r1-s1
Junos
Version 17.2 r1-s2
Junos
Version 17.2 r1-s3
Junos
Version 17.2 r1-s4
Junos
Version 17.2 r1-s5
Junos
Version 17.2 r1-s7
Junos
Version 17.2 r1-s8
Junos
Version 17.2 r1
Junos
Version 17.2 r2-s11
Junos
Version 17.2 r2-s6
Junos
Version 17.2 r2-s7
Junos
Version 17.2 r2
Junos
Version 17.2 r3-s1
Junos
Version 17.2 r3-s2
Junos
Version 17.2 r3-s3
Junos
Version 17.3
Junos
Version 17.3 r1-s1
Junos
Version 17.3 r2-s1
Junos
Version 17.3 r2-s2
Junos
Version 17.3 r2-s3
Junos
Version 17.3 r2-s4
Junos
Version 17.3 r2-s5
Junos
Version 17.3 r2
Junos
Version 17.3 r3-s1
Junos
Version 17.3 r3-s2
Junos
Version 17.3 r3-s3
Junos
Version 17.3 r3-s4
Junos
Version 17.3 r3-s7
Junos
Version 17.3 r3
Junos
Version 17.4
Junos
Version 17.4 r1-s1
Junos
Version 17.4 r1-s2
Junos
Version 17.4 r1-s4
Junos
Version 17.4 r1-s5
Junos
Version 17.4 r1-s6
Junos
Version 17.4 r1-s7
Junos
Version 17.4 r1
Junos
Version 17.4 r2-s10
Junos
Version 17.4 r2-s1
Junos
Version 17.4 r2-s2
Junos
Version 17.4 r2-s3
Junos
Version 17.4 r2-s4
Junos
Version 17.4 r2-s5
Junos
Version 17.4 r2-s6
Junos
Version 17.4 r2-s7
Junos
Version 17.4 r2-s8
Junos
Version 17.4 r2-s9
Junos
Version 17.4 r2
Junos
Version 18.1
Junos
Version 18.1 r1
Junos
Version 18.1 r2-s1
Junos
Version 18.1 r2-s2
Junos
Version 18.1 r2-s4
Junos
Version 18.1 r2
Junos
Version 18.1 r3-s1
Junos
Version 18.1 r3-s2
Junos
Version 18.1 r3-s3
Junos
Version 18.1 r3-s4
Junos
Version 18.1 r3-s6
Junos
Version 18.1 r3
Junos
Version 18.2
Junos
Version 18.2 r1-s3
Junos
Version 18.2 r1-s4
Junos
Version 18.2 r1-s5
Junos
Version 18.2 r1
Junos
Version 18.2 r1
Junos
Version 18.2 r2-s1
Junos
Version 18.2 r2-s2
Junos
Version 18.2 r2-s3
Junos
Version 18.2 r2-s4
Junos
Version 18.2 r2-s5
Junos
Version 18.2 r2-s6
Junos
Version 18.2 r2
Junos
Version 18.3
Junos
Version 18.3 r1-s1
Junos
Version 18.3 r1-s2
Junos
Version 18.3 r1-s3
Junos
Version 18.3 r1-s5
Junos
Version 18.3 r1-s6
Junos
Version 18.3 r1
Junos
Version 18.3 r2-s1
Junos
Version 18.3 r2-s2
Junos
Version 18.3 r2-s3
Junos
Version 18.3 r2
Junos
Version 18.4
Junos
Version 18.4 r1-s1
Junos
Version 18.4 r1-s2
Junos
Version 18.4 r1-s5
Junos
Version 18.4 r1-s6
Junos
Version 18.4 r1
Junos
Version 19.1
Junos
Version 19.1 r1-s1
Junos
Version 19.1 r1-s2
Junos
Version 19.1 r1-s3
Junos
Version 19.1 r1-s4
Junos
Version 19.1 r1
Junos
Version 19.2
Junos
Version 19.2 r1-s1
Junos
Version 19.2 r1-s2
Junos
Version 19.2 r1-s3
Junos
Version 19.2 r1
Running on/withPlatform Versions
Juniper
Nfx150
All versions
Juniper
Nfx250
All versions
Juniper
Nfx350
All versions
Juniper
Srx1500
All versions
Juniper
Srx300
All versions
Juniper
Srx320
All versions
Juniper
Srx340
All versions
Juniper
Srx345
All versions
Juniper
Srx380
All versions
Juniper
Srx4100
All versions
Juniper
Srx4200
All versions
Juniper
Srx4600
All versions
Juniper
Srx5400
All versions
Juniper
Srx550
All versions
Juniper
Srx5600
All versions
Juniper
Srx5800
All versions

Related CWEs

CWE-320
CWE-320
CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected.
CWE-522
Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (10)

Source: sirt@juniper.net
Vendor Advisory
Source: sirt@juniper.net
Vendor Advisory
Source: sirt@juniper.net
Vendor Advisory
Source: sirt@juniper.net
Vendor Advisory
Source: sirt@juniper.net
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.