CVE-2020-1669
Junos OS: NFX350: Password hashes stored in world-readable format
Descriptions
The Juniper Device Manager (JDM) container, used by the disaggregated Junos OS architecture on Juniper Networks NFX350 Series devices, stores password hashes in the world-readable file /etc/passwd. This is not a security best current practice as it can allow an attacker with access to the local filesystem the ability to brute-force decrypt password hashes stored on the system. This issue affects Juniper Networks Junos OS on NFX350: 19.4 versions prior to 19.4R3; 20.1 versions prior to 20.1R1-S4, 20.1R2.
Timeline
- 2019-11-04 CVE Reserved
- 2020-10-16 CVE Published
- 2023-03-08 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-256: Plaintext Storage of a Password
- CWE-522: Insufficiently Protected Credentials
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status
---|---|---|---|---|---|---|---|---|---|---
Juniper | Junos | 19.4 | r1 | Affected | in | Juniper | Nfx350 | - | - | Safe
Juniper | Junos | 19.4 | r1-s1 | Affected | in | Juniper | Nfx350 | - | - | Safe
Juniper | Junos | 19.4 | r1-s2 | Affected | in | Juniper | Nfx350 | - | - | Safe
Juniper | Junos | 19.4 | r2 | Affected | in | Juniper | Nfx350 | - | - | Safe
Juniper | Junos | 20.1 | r1 | Affected | in | Juniper | Nfx350 | - | - | Safe
Juniper | Junos | 20.1 | r1-s1 | Affected | in | Juniper | Nfx350 | - | - | Safe
Juniper | Junos | 20.1 | r1-s2 | Affected | in | Juniper | Nfx350 | - | - | Safe
Juniper | Junos | 20.1 | r1-s3 | Affected | in | Juniper | Nfx350 | - | - | Safe