CVE-2023-44201

Published: Oct 13, 2023Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

An Incorrect Permission Assignment for Critical Resource vulnerability in a specific file of Juniper Networks Junos OS and Junos OS Evolved allows a local authenticated attacker to read configuration changes without having the permissions. When a user with the respective permissions commits a configuration change, a specific file is created. That file is readable even by users with no permissions to access the configuration. This can lead to privilege escalation as the user can read the password hash when a password change is being committed. This issue affects: Juniper Networks Junos OS * All versions prior to 20.4R3-S4; * 21.1 versions prior to 21.1R3-S4; * 21.2 versions prior to 21.2R3-S2; * 21.3 versions prior to 21.3R2-S2, 21.3R3-S1; * 21.4 versions prior to 21.4R2-S1, 21.4R3. Juniper Networks Junos OS Evolved * All versions prior to 20.4R3-S4-EVO; * 21.1 versions prior to 21.1R3-S2-EVO; * 21.2 versions prior to 21.2R3-S2-EVO; * 21.3 versions prior to 21.3R3-S1-EVO; * 21.4 versions prior to 21.4R2-S2-EVO.

Affected (86)

Products: Juniper: Junos, Junos Os Evolved

Juniper

2 products

Junos

Junos Os Evolved

Configuration A

41 vulnerable

Vulnerable Software	Affected Versions
Juniper Junos	Before 20.4
Juniper Junos	Version 20.4
Juniper Junos	Version 20.4 r1-s1
Juniper Junos	Version 20.4 r1
Juniper Junos	Version 20.4 r2-s1
Juniper Junos	Version 20.4 r2-s2
Juniper Junos	Version 20.4 r2
Juniper Junos	Version 20.4 r3-s1
Juniper Junos	Version 20.4 r3-s2
Juniper Junos	Version 20.4 r3-s3
Juniper Junos	Version 20.4 r3
Juniper Junos	Version 21.1
Juniper Junos	Version 21.1 r1-s1
Juniper Junos	Version 21.1 r1
Juniper Junos	Version 21.1 r2-s1
Juniper Junos	Version 21.1 r2-s2
Juniper Junos	Version 21.1 r2
Juniper Junos	Version 21.1 r3-s1
Juniper Junos	Version 21.1 r3-s2
Juniper Junos	Version 21.1 r3-s3
Juniper Junos	Version 21.1 r3
Juniper Junos	Version 21.2
Juniper Junos	Version 21.2 r1-s1
Juniper Junos	Version 21.2 r1-s2
Juniper Junos	Version 21.2 r1
Juniper Junos	Version 21.2 r2-s1
Juniper Junos	Version 21.2 r2-s2
Juniper Junos	Version 21.2 r2
Juniper Junos	Version 21.2 r3-s1
Juniper Junos	Version 21.2 r3
Juniper Junos	Version 21.3
Juniper Junos	Version 21.3 r1-s1
Juniper Junos	Version 21.3 r1-s2
Juniper Junos	Version 21.3 r1
Juniper Junos	Version 21.3 r2-s1
Juniper Junos	Version 21.3 r2
Juniper Junos	Version 21.4
Juniper Junos	Version 21.4 r1-s1
Juniper Junos	Version 21.4 r1-s2
Juniper Junos	Version 21.4 r1
Juniper Junos	Version 21.4 r2

Configuration B

45 vulnerable

Vulnerable Software	Affected Versions
Juniper Junos Os Evolved	Before 20.4
Juniper Junos Os Evolved	Version 20.4
Juniper Junos Os Evolved	Version 20.4 r1-s1
Juniper Junos Os Evolved	Version 20.4 r1-s2
Juniper Junos Os Evolved	Version 20.4 r1
Juniper Junos Os Evolved	Version 20.4 r2-s1
Juniper Junos Os Evolved	Version 20.4 r2-s2
Juniper Junos Os Evolved	Version 20.4 r2-s3
Juniper Junos Os Evolved	Version 20.4 r2
Juniper Junos Os Evolved	Version 20.4 r3-s1
Juniper Junos Os Evolved	Version 20.4 r3-s2
Juniper Junos Os Evolved	Version 20.4 r3-s3
Juniper Junos Os Evolved	Version 20.4 r3-s4
Juniper Junos Os Evolved	Version 20.4 r3-s5
Juniper Junos Os Evolved	Version 20.4 r3-s6
Juniper Junos Os Evolved	Version 20.4 r3-s7
Juniper Junos Os Evolved	Version 20.4 r3
Juniper Junos Os Evolved	Version 21.1
Juniper Junos Os Evolved	Version 21.1 r1-s1
Juniper Junos Os Evolved	Version 21.1 r1
Juniper Junos Os Evolved	Version 21.1 r2
Juniper Junos Os Evolved	Version 21.1 r3-s1
Juniper Junos Os Evolved	Version 21.1 r3
Juniper Junos Os Evolved	Version 21.2
Juniper Junos Os Evolved	Version 21.2 r1-s1
Juniper Junos Os Evolved	Version 21.2 r1-s2
Juniper Junos Os Evolved	Version 21.2 r1
Juniper Junos Os Evolved	Version 21.2 r2-s1
Juniper Junos Os Evolved	Version 21.2 r2-s2
Juniper Junos Os Evolved	Version 21.2 r2
Juniper Junos Os Evolved	Version 21.2 r3-s1
Juniper Junos Os Evolved	Version 21.2 r3
Juniper Junos Os Evolved	Version 21.3
Juniper Junos Os Evolved	Version 21.3 r1-s1
Juniper Junos Os Evolved	Version 21.3 r1
Juniper Junos Os Evolved	Version 21.3 r2-s1
Juniper Junos Os Evolved	Version 21.3 r2-s2
Juniper Junos Os Evolved	Version 21.3 r2
Juniper Junos Os Evolved	Version 21.3 r3
Juniper Junos Os Evolved	Version 21.4
Juniper Junos Os Evolved	Version 21.4 r1-s1
Juniper Junos Os Evolved	Version 21.4 r1-s2
Juniper Junos Os Evolved	Version 21.4 r1
Juniper Junos Os Evolved	Version 21.4 r2-s1
Juniper Junos Os Evolved	Version 21.4 r2

Related CWEs

CWE-732

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (2)

https://supprtportal.juniper.net/JSA73167

Source: sirt@juniper.net

Broken Link

https://supprtportal.juniper.net/JSA73167

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

Timeline

No history available yet.