← Back

CVE-2023-28966

nvd nist
Published: Apr 17, 2023Modified: Nov 21, 2024

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: sirt@juniper.net (Secondary)

Description

An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS Evolved allows a low-privileged local attacker with shell access to modify existing files or execute commands as root. The issue is caused by improper file and directory permissions on certain system files, allowing an attacker with access to these files and folders to inject CLI commands as root. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S5-EVO; 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R2-EVO.

Affected (24)

Juniper
1 product
Junos Os Evolved
Configuration A
24 vulnerable
Vulnerable SoftwareAffected Versions
Juniper
Junos Os Evolved
Before 20.4
Junos Os Evolved
Version 20.4
Junos Os Evolved
Version 20.4 r1-s1
Junos Os Evolved
Version 20.4 r1-s2
Junos Os Evolved
Version 20.4 r1
Junos Os Evolved
Version 20.4 r2-s1
Junos Os Evolved
Version 20.4 r2-s2
Junos Os Evolved
Version 20.4 r2-s3
Junos Os Evolved
Version 20.4 r2
Junos Os Evolved
Version 20.4 r3-s1
Junos Os Evolved
Version 20.4 r3-s2
Junos Os Evolved
Version 20.4 r3-s3
Junos Os Evolved
Version 20.4 r3-s4
Junos Os Evolved
Version 20.4 r3
Junos Os Evolved
Version 21.2
Junos Os Evolved
Version 21.2 r1-s1
Junos Os Evolved
Version 21.2 r1-s2
Junos Os Evolved
Version 21.2 r1
Junos Os Evolved
Version 21.2 r2-s1
Junos Os Evolved
Version 21.2 r2-s2
Junos Os Evolved
Version 21.2 r2
Junos Os Evolved
Version 21.3
Junos Os Evolved
Version 21.3 r1-s1
Junos Os Evolved
Version 21.3 r1

Related CWEs

CWE-276
Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.

References (2)

Source: sirt@juniper.net
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.