CVE-2023-44187 - Vulnerability Details

An Exposure of Sensitive Information vulnerability in the 'file copy' command of Junos OS Evolved allows a local, authenticated attacker with shell access to view passwords supplied on the CLI command-line. These credentials can then be used to provide unauthorized access to the remote system.

This issue affects Juniper Networks Junos OS Evolved:
* All versions prior to 20.4R3-S7-EVO;
* 21.1 versions 21.1R1-EVO and later;
* 21.2 versions prior to 21.2R3-S5-EVO;
* 21.3 versions prior to 21.3R3-S4-EVO;
* 21.4 versions prior to 21.4R3-S4-EVO;
* 22.1 versions prior to 22.1R3-S2-EVO;
* 22.2 versions prior to 22.2R2-EVO.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00038.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Juniper	Junos Os Evolved

Configuration 1 [-]

OR	cpe:2.3:o:juniper:junos_os_evolved::::::::
	cpe:2.3:o:juniper:junos_os_evolved:20.4:-::::::
	cpe:2.3:o:juniper:junos_os_evolved:20.4:r1::::::
	cpe:2.3:o:juniper:junos_os_evolved:20.4:r1-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:20.4:r1-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:20.4:r2::::::
	cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s3::::::
	cpe:2.3:o:juniper:junos_os_evolved:20.4:r3::::::
	cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s3::::::
	cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s4::::::
	cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s5::::::
	cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s6::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.1:-::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.1:r1::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.1:r1-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.1:r2::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.1:r3::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.1:r3-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.1:r3-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.1:r3-s3::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.2:-::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.2:r1::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.2:r2::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.2:r3::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s3::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s4::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.3:-::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.3:r1::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.3:r1-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.3:r2::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.3:r2-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.3:r2-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.3:r3::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s3::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.4:-::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.4:r1::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.4:r2::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.4:r3::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s3::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.1:r1::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.1:r2::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.1:r2-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.1:r3::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.1:r3-s1::::::
cpe:2.3:o:juniper:junos_os_evolved:22.2:r1::::::
cpe:2.3:o:juniper:junos_os_evolved:22.2:r1-s1::::::

No data.

References

Link	Providers
https://supportportal.juniper.net/JSA73151

History

Wed, 18 Sep 2024 15:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: juniper

Published: 2023-10-11T20:37:23.379Z

Updated: 2024-09-18T14:36:44.931Z

Reserved: 2023-09-26T19:30:27.953Z

Link: CVE-2023-44187

Vulnrichment

Updated: 2024-08-02T19:59:51.268Z

NVD

Status : Modified

Published: 2023-10-11T21:15:09.970

Modified: 2024-11-21T08:25:23.983

Link: CVE-2023-44187

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object