CVE-2020-1669
Summary
| CVE | CVE-2020-1669 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-10-16 21:15:00 UTC |
| Updated | 2020-10-27 18:41:00 UTC |
| Description | The Juniper Device Manager (JDM) container, used by the disaggregated Junos OS architecture on Juniper Networks NFX350 Series devices, stores password hashes in the world-readable file /etc/passwd. This is not a security best current practice as it can allow an attacker with access to the local filesystem the ability to brute-force decrypt password hashes stored on the system. This issue affects Juniper Networks Junos OS on NFX350: 19.4 versions prior to 19.4R3; 20.1 versions prior to 20.1R1-S4, 20.1R2. |
Risk And Classification
Problem Types: CWE-522
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Juniper | Junos | 19.4 | r1 | All | All |
| Operating System | Juniper | Junos | 19.4 | r1-s1 | All | All |
| Operating System | Juniper | Junos | 19.4 | r1-s2 | All | All |
| Operating System | Juniper | Junos | 19.4 | r2 | All | All |
| Operating System | Juniper | Junos | 20.1 | r1 | All | All |
| Operating System | Juniper | Junos | 20.1 | r1-s1 | All | All |
| Operating System | Juniper | Junos | 20.1 | r1-s2 | All | All |
| Operating System | Juniper | Junos | 20.1 | r1-s3 | All | All |
| Operating System | Juniper | Junos | 19.4 | r1 | All | All |
| Operating System | Juniper | Junos | 19.4 | r1-s1 | All | All |
| Operating System | Juniper | Junos | 19.4 | r1-s2 | All | All |
| Operating System | Juniper | Junos | 19.4 | r2 | All | All |
| Operating System | Juniper | Junos | 20.1 | r1 | All | All |
| Operating System | Juniper | Junos | 20.1 | r1-s1 | All | All |
| Operating System | Juniper | Junos | 20.1 | r1-s2 | All | All |
| Operating System | Juniper | Junos | 20.1 | r1-s3 | All | All |
| Hardware | Juniper | Nfx350 | - | All | All | All |
| Hardware | Juniper | Nfx350 | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 2020-10 Security Bulletin: Junos OS: NFX350: Password hashes stored in world-readable format (CVE-2020-1669) - Juniper Networks | CONFIRM | kb.juniper.net | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.