CVE-2020-1606 Vulnerability Details

/ / /

CVE-2020-1606 Metadata Quick Info

CVE Published: 15/01/2020 | CVE Updated: 17/09/2024 | CVE Year: 2020
Source: juniper | Vendor: Juniper Networks | Product: Junos OS
Status : PUBLISHED

CVE-2020-1606 Description

A path traversal vulnerability in the Juniper Networks Junos OS device may allow an authenticated J-web user to read files with \'world\' readable permission and delete files with \'world\' writeable permission. This issue does not affect system files that can be accessed only by root user. This issue affects Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S13; 12.3X48 versions prior to 12.3X48-D85 on SRX Series; 14.1X53 versions prior to 14.1X53-D51; 15.1F6 versions prior to 15.1F6-S13; 15.1 versions prior to 15.1R7-S5; 15.1X49 versions prior to 15.1X49-D180 on SRX Series; 15.1X53 versions prior to 15.1X53-D238 on QFX5200/QFX5110 Series; 16.1 versions prior to 16.1R4-S13, 16.1R7-S5; 16.2 versions prior to 16.2R2-S10; 17.1 versions prior to 17.1R3-S1; 17.2 versions prior to 17.2R1-S9, 17.2R3-S2; 17.3 versions prior to 17.3R2-S5, 17.3R3-S5; 17.4 versions prior to 17.4R2-S9, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R2-S3, 18.3R3; 18.4 versions prior to 18.4R2; 19.1 versions prior to 19.1R1-S4, 19.1R2.

Metrics

CVSS Version: 3.1 | Base Score: 5.4 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

l➤ Exploitability Metrics:
Attack Vector (AV)* NETWORK
Attack Complexity (AC)* LOW
Privileges Required (PR)* LOW
User Interaction (UI)* NONE
Scope (S)* UNCHANGED

l➤ Impact Metrics:
Confidentiality Impact (C)* LOW
Integrity Impact (I)* LOW
Availability Impact (A)* NONE

Weakness Enumeration (CWE)

CWE-ID: CWE-22
CWE Name: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ( Path Traversal )
Source: Juniper Networks

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:

Source: NVD (National Vulnerability Database).