Junos OS Evolved: 'file copy' CLI command can disclose password to shell users
CVE-2023-44187

5.9MEDIUM

Key Information:

Vendor: Juniper Networks
Status: Junos Os Evolved
Vendor: CVE Published:; 11 October 2023

Badges

👾 Exploit Exists📰 News Worthy

Summary

An Exposure of Sensitive Information vulnerability in the 'file copy' command of Junos OS Evolved allows a local, authenticated attacker with shell access to view passwords supplied on the CLI command-line. These credentials can then be used to provide unauthorized access to the remote system.

This issue affects Juniper Networks Junos OS Evolved:

All versions prior to 20.4R3-S7-EVO;
21.1 versions 21.1R1-EVO and later;
21.2 versions prior to 21.2R3-S5-EVO;
21.3 versions prior to 21.3R3-S4-EVO;
21.4 versions prior to 21.4R3-S4-EVO;
22.1 versions prior to 22.1R3-S2-EVO;
22.2 versions prior to 22.2R2-EVO.

Affected Version(s)

Junos OS Evolved 0 < 20.4R3-S7-EVO

Junos OS Evolved 21.1R1 < 21.1*

Junos OS Evolved 21.2 < 21.2R3-S5-EVO

News Articles

🔗GBHackers News

CVE-2023-44189 CVE-2023-44187

Juniper Networks Junos OS Flaw Let Attackers Flood the system

Three new vulnerabilities have been discovered in Junos OS which were associated with password disclosure, MAC address validation bypass.

5 months ago

References

https://supportportal.juniper.net/JSA73151

vendor-advisory

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

👾
Exploit known to exist
Sep 18, 2024
📰
First article discovered by GBHackers News
Sep 2, 2024
Vulnerability published
Oct 11, 2023
Vulnerability Reserved
Sep 26, 2023