CVE-2023-28966
Last modified
CVE-2023-28966 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS Evolved allows a low-privileged local attacker with shell access to modify existing files or execute commands as root. The issue is caused by improper file and directory permissions on certain system files, allowing an attacker with access to these files and folders to inject CLI commands as root. EPSS estimates a 0.16% chance of exploitation in the next 30 days.
Description
An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS Evolved allows a low-privileged local attacker with shell access to modify existing files or execute commands as root. The issue is caused by improper file and directory permissions on certain system files, allowing an attacker with access to these files and folders to inject CLI commands as root. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S5-EVO; 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R2-EVO.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Juniper | Junos Os Evolved | < 20.4 |
| Juniper | Junos Os Evolved | 20.4 |
| Juniper | Junos Os Evolved | 21.2 |
| Juniper | Junos Os Evolved | 21.3 |
References
- https://supportportal.juniper.net/JSA70590Vendor Advisory
- https://supportportal.juniper.net/JSA70590Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-28966?
How severe is CVE-2023-28966?
How do I fix CVE-2023-28966?
Are you affected by CVE-2023-28966?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST