CVE-2023-44187 MEDIUM

CVE-2023-44187: Junos OS Evolved: 'file copy' CLI command can disclose password to shell users

Vendor Juniper Networks
Product Junos OS Evolved
Weakness CWE-200 · Info exposure
Published October 11, 2023
Last update September 18, 2024

CVSS base score

5.9/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

What the vulnerability does

01Description

An Exposure of Sensitive Information vulnerability in the 'file copy' command of Junos OS Evolved allows a local, authenticated attacker with shell access to view passwords supplied on the CLI command-line. These credentials can then be used to provide unauthorized access to the remote system. This issue affects Juniper Networks Junos OS Evolved: * All versions prior to 20.4R3-S7-EVO; * 21.1 versions 21.1R1-EVO and later; * 21.2 versions prior to 21.2R3-S5-EVO; * 21.3 versions prior to 21.3R3-S4-EVO; * 21.4 versions prior to 21.4R3-S4-EVO; * 22.1 versions prior to 22.1R3-S2-EVO; * 22.2 versions prior to 22.2R2-EVO.

Key dates

02Disclosure timeline

October 11, 2023 CVE published
September 18, 2024 Record updated