CVE-2023-28966

Published: Apr 17, 2023

Modified: Feb 6, 2025

PUBLISHED

CVSS v3.1

7.8

HIGH

Description

An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS Evolved allows a low-privileged local attacker with shell access to modify existing files or execute commands as root. The issue is caused by improper file and directory permissions on certain system files, allowing an attacker with access to these files and folders to inject CLI commands as root. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S5-EVO; 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R2-EVO.

Vendor	Product	Versions
Juniper Networks	Junos OS Evolved	affected `unspecified - < 20.4R3-S5-EVO` affected `21.2 - < 21.2R3-EVO` affected `21.3 - < 21.3R2-EVO`

Weaknesses (CWE)

CWE-276

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

References

https://supportportal.juniper.net/JSA70590

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-28966

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References