CVE-2023-44201
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Summary
CVE-2023-44201 is a local privilege escalation vulnerability affecting Juniper Networks Junos OS and Junos OS Evolved. An attacker who is authenticated on the system can read configuration changes even if they lack the necessary permissions. This occurs due to an incorrect permission assignment for a critical file. When a user commits a configuration change, a new file is created, which is readable by all users. An attacker can exploit this and read sensitive information, including password hashes, during the password change process. This issue impacts multiple versions of Junos OS and Junos OS Evolved, including all releases prior to 20.4R3-S4, 21.1 versions prior to 21.1R3-S4, 21.2 versions prior to 21.2R3-S2, 21.3 versions prior to 21.3R2-S2, 21.3R3-S1, 21.4 versions prior to 21.4R2-S1, and 21.4R3 for Junos OS, and all releases prior to 20.4R3-S4-EVO, 21.1 versions prior to 21.1R3-S2-EVO, 21.2 versions prior to 21.2R3-S2-EVO, 21.3 versions prior to 21.3R3-S1-EVO, and 21.4 versions prior to 21.4R2-S2-EVO for Junos OS Evolved.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Advisories, Assessments, and Mitigations
Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future
- Gain complete coverage of your cyber, third party, and physical attack surface
- Proactively mitigate threats before they turn into costly attacks
- Make fast, effective, data-driven decisions