NVD Vulnerability Detail

CVE-2020-1631

Summary	A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP) allows an unauthenticated attacker to perform local file inclusion (LFI) or path traversal. Using this vulnerability, an attacker may be able to inject commands into the httpd.log, read files with 'world' readable permission file or obtain J-Web session tokens. In the case of command injection, as the HTTP service runs as user 'nobody', the impact of this command injection is limited. (CVSS score 5.3, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) In the case of reading files with 'world' readable permission, in Junos OS 19.3R1 and above, the unauthenticated attacker would be able to read the configuration file. (CVSS score 5.9, vector CVSS:3.1/ AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) If J-Web is enabled, the attacker could gain the same level of access of anyone actively logged into J-Web. If an administrator is logged in, the attacker could gain administrator access to J-Web. (CVSS score 8.8, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) This issue only affects Juniper Networks Junos OS devices with HTTP/HTTPS services enabled. Junos OS devices with HTTP/HTTPS services disabled are not affected. If HTTP/HTTPS services are enabled, the following command will show the httpd processes: user@device> show system processes \| match http 5260 - S 0:00.13 /usr/sbin/httpd-gk -N 5797 - I 0:00.10 /usr/sbin/httpd --config /jail/var/etc/httpd.conf To summarize: If HTTP/HTTPS services are disabled, there is no impact from this vulnerability. If HTTP/HTTPS services are enabled and J-Web is not in use, this vulnerability has a CVSS score of 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). If J-Web is enabled, this vulnerability has a CVSS score of 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). Juniper SIRT has received a single report of this vulnerability being exploited in the wild. Out of an abundance of caution, we are notifying customers so they can take appropriate actions. Indicators of Compromise: The /var/log/httpd.log may have indicators that commands have injected or files being accessed. The device administrator can look for these indicators by searching for the string patterns "=;&" or "%3b&" in /var/log/httpd.log, using the following command: user@device> show log httpd.log \| match "=;&\|=%3b&" If this command returns any output, it might be an indication of malicious attempts or simply scanning activities. Rotated logs should also be reviewed, using the following command: user@device> show log httpd.log.0.gz \| match "=;&\|=%3b&" user@device> show log httpd.log.1.gz \| match "=;&\|=%3b&" Note that a skilled attacker would likely remove these entries from the local log file, thus effectively eliminating any reliable signature that the device had been attacked. This issue affects Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S16; 12.3X48 versions prior to 12.3X48-D101, 12.3X48-D105; 14.1X53 versions prior to 14.1X53-D54; 15.1 versions prior to 15.1R7-S7; 15.1X49 versions prior to 15.1X49-D211, 15.1X49-D220; 16.1 versions prior to 16.1R7-S8; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R2-S7, 18.2R3-S4; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R1-S7, 18.4R3-S2 ; 18.4 version 18.4R2 and later versions; 19.1 versions prior to 19.1R1-S5, 19.1R3-S1; 19.1 version 19.1R2 and later versions; 19.2 versions prior to 19.2R2; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S2, 19.4R2; 20.1 versions prior to 20.1R1-S1, 20.1R2.
Publication Date	May 4, 2020, 7:15 p.m.
Registration Date	Jan. 26, 2021, 11:54 a.m.
Last Update	Nov. 21, 2024, 2:11 p.m.

CVSS3.1 : CRITICAL
スコア	9.8
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃に必要な特権レベル(PR)	不要
利用者の関与(UI)	不要
影響の想定範囲(S)	変更なし
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	高

CVSS2.0 : MEDIUM
Score	6.8
Vector	AV:N/AC:M/Au:N/C:P/I:P/A:P
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	低
可用性への影響(A)	低
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:o:juniper:junos:15.1x49:d50::::::
cpe:2.3:o:juniper:junos:15.1x49:d30::::::
cpe:2.3:o:juniper:junos:15.1:r7::::::
cpe:2.3:o:juniper:junos:12.3:r11::::::
cpe:2.3:o:juniper:junos:15.1x49:d70::::::
cpe:2.3:o:juniper:junos:15.1:f1::::::
cpe:2.3:o:juniper:junos:15.1x49:d80::::::
cpe:2.3:o:juniper:junos:14.1x53:d45::::::
cpe:2.3:o:juniper:junos:15.1:f6-s4::::::
cpe:2.3:o:juniper:junos:14.1x53:d15::::::
cpe:2.3:o:juniper:junos:12.3x48:d10::::::
cpe:2.3:o:juniper:junos:15.1x49:d110::::::
cpe:2.3:o:juniper:junos:15.1:f2-s3::::::
cpe:2.3:o:juniper:junos:15.1:f7::::::
cpe:2.3:o:juniper:junos:15.1x49:d60::::::
cpe:2.3:o:juniper:junos:14.1x53:d35::::::
cpe:2.3:o:juniper:junos:14.1x53:d10::::::
cpe:2.3:o:juniper:junos:16.1:r1::::::
cpe:2.3:o:juniper:junos:14.1x53:d40::::::
cpe:2.3:o:juniper:junos:15.1:r3::::::
cpe:2.3:o:juniper:junos:14.1x53:d30::::::
cpe:2.3:o:juniper:junos:12.3x48:d15::::::
cpe:2.3:o:juniper:junos:14.1x53:d42::::::
cpe:2.3:o:juniper:junos:15.1:f2-s2::::::
cpe:2.3:o:juniper:junos:12.3:r1::::::
cpe:2.3:o:juniper:junos:15.1:r6::::::
cpe:2.3:o:juniper:junos:15.1:f4::::::
cpe:2.3:o:juniper:junos:15.1:r4::::::
cpe:2.3:o:juniper:junos:15.1:f2-s4::::::
cpe:2.3:o:juniper:junos:12.3x48:d35::::::
cpe:2.3:o:juniper:junos:14.1x53:d25::::::
cpe:2.3:o:juniper:junos:12.3x48:d50::::::
cpe:2.3:o:juniper:junos:15.1:f5-s7::::::
cpe:2.3:o:juniper:junos:15.1:f6-s7::::::
cpe:2.3:o:juniper:junos:15.1:f6::::::
cpe:2.3:o:juniper:junos:15.1x49:d100::::::
cpe:2.3:o:juniper:junos:12.3:r12::::::
cpe:2.3:o:juniper:junos:15.1:f2::::::
cpe:2.3:o:juniper:junos:14.1x53:d27::::::
cpe:2.3:o:juniper:junos:12.3x48:d30::::::
cpe:2.3:o:juniper:junos:15.1x49:d35::::::
cpe:2.3:o:juniper:junos:15.1:a1::::::
cpe:2.3:o:juniper:junos:17.2:r1::::::
cpe:2.3:o:juniper:junos:16.1:r4-s4::::::
cpe:2.3:o:juniper:junos:15.1:f3::::::
cpe:2.3:o:juniper:junos:15.1:r2::::::
cpe:2.3:o:juniper:junos:14.1x53:d16::::::
cpe:2.3:o:juniper:junos:16.1:r4::::::
cpe:2.3:o:juniper:junos:15.1:r4-s7::::::
cpe:2.3:o:juniper:junos:15.1x49:d45::::::
cpe:2.3:o:juniper:junos:12.3:r10::::::
cpe:2.3:o:juniper:junos:15.1:r4-s8::::::
cpe:2.3:o:juniper:junos:16.1:r4-s3::::::
cpe:2.3:o:juniper:junos:15.1x49:d75::::::
cpe:2.3:o:juniper:junos:15.1x49:d65::::::
cpe:2.3:o:juniper:junos:15.1:r5-s5::::::
cpe:2.3:o:juniper:junos:15.1x49:d90::::::
cpe:2.3:o:juniper:junos:14.1x53:d43::::::
cpe:2.3:o:juniper:junos:15.1:r6-s1::::::
cpe:2.3:o:juniper:junos:12.3x48:d25::::::
cpe:2.3:o:juniper:junos:14.1x53:d44::::::
cpe:2.3:o:juniper:junos:12.3x48:d45::::::
cpe:2.3:o:juniper:junos:15.1:r5::::::
cpe:2.3:o:juniper:junos:12.3x48:d55::::::
cpe:2.3:o:juniper:junos:15.1:r1::::::
cpe:2.3:o:juniper:junos:15.1x49:d40::::::
cpe:2.3:o:juniper:junos:15.1:f2-s1::::::
cpe:2.3:o:juniper:junos:15.1:r5-s1::::::
cpe:2.3:o:juniper:junos:17.2:r2::::::
cpe:2.3:o:juniper:junos:15.1:f5::::::
cpe:2.3:o:juniper:junos:12.3x48:d20::::::
cpe:2.3:o:juniper:junos:16.1:r3::::::
cpe:2.3:o:juniper:junos:15.1x49:d20::::::
cpe:2.3:o:juniper:junos:16.1:r5::::::
cpe:2.3:o:juniper:junos:15.1x49:d10::::::
cpe:2.3:o:juniper:junos:14.1x53:d26::::::
cpe:2.3:o:juniper:junos:15.1x49:d55::::::
cpe:2.3:o:juniper:junos:15.1x49:d15::::::
cpe:2.3:o:juniper:junos:12.3x48:d40::::::
cpe:2.3:o:juniper:junos:16.1:r2::::::
cpe:2.3:o:juniper:junos:14.1x53:d50::::::
cpe:2.3:o:juniper:junos:15.1:r5-s6::::::
cpe:2.3:o:juniper:junos:15.1:r6-s2::::::
cpe:2.3:o:juniper:junos:17.2:r1-s2::::::
cpe:2.3:o:juniper:junos:15.1x49:d25::::::
cpe:2.3:o:juniper:junos:12.3x48:d60::::::
cpe:2.3:o:juniper:junos:12.3x48:d65::::::
cpe:2.3:o:juniper:junos:14.1x53:d46::::::
cpe:2.3:o:juniper:junos:15.1x49:d120::::::
cpe:2.3:o:juniper:junos:15.1x49:d130::::::
cpe:2.3:o:juniper:junos:15.1:r4-s9::::::
cpe:2.3:o:juniper:junos:15.1:r6-s6::::::
cpe:2.3:o:juniper:junos:16.1:r5-s4::::::
cpe:2.3:o:juniper:junos:16.1:r6-s1::::::
cpe:2.3:o:juniper:junos:16.1:r7::::::
cpe:2.3:o:juniper:junos:17.3:r2::::::
cpe:2.3:o:juniper:junos:17.4:r1::::::
cpe:2.3:o:juniper:junos:17.4:r2::::::
cpe:2.3:o:juniper:junos:15.1:f::::::
cpe:2.3:o:juniper:junos:12.3x48:d70::::::
cpe:2.3:o:juniper:junos:15.1x49:d140::::::
cpe:2.3:o:juniper:junos:17.3:r2-s2::::::
cpe:2.3:o:juniper:junos:15.1:f6-s3::::::
cpe:2.3:o:juniper:junos:14.1x53:d47::::::
cpe:2.3:o:juniper:junos:14.1x53:d48::::::
cpe:2.3:o:juniper:junos:18.1:r3::::::
cpe:2.3:o:juniper:junos:15.1:r7-s1::::::
cpe:2.3:o:juniper:junos:17.2:r2-s6::::::
cpe:2.3:o:juniper:junos:12.3x48:d75::::::
cpe:2.3:o:juniper:junos:15.1x49:d160::::::
cpe:2.3:o:juniper:junos:16.1:r6-s6::::::
cpe:2.3:o:juniper:junos:18.1:r2::::::
cpe:2.3:o:juniper:junos:16.1:r3-s10::::::
cpe:2.3:o:juniper:junos:17.2:r1-s7::::::
cpe:2.3:o:juniper:junos:15.1:r7-s2::::::
cpe:2.3:o:juniper:junos:15.1:r7-s3::::::
cpe:2.3:o:juniper:junos:12.3x48:d51::::::
cpe:2.3:o:juniper:junos:17.4:r2-s2::::::
cpe:2.3:o:juniper:junos:17.2:r1-s1::::::
cpe:2.3:o:juniper:junos:17.2:r1-s3::::::
cpe:2.3:o:juniper:junos:17.2:r1-s5::::::
cpe:2.3:o:juniper:junos:17.4:r1-s1::::::
cpe:2.3:o:juniper:junos:12.3x48:d80::::::
cpe:2.3:o:juniper:junos:15.1x49:d150::::::
cpe:2.3:o:juniper:junos:18.2:-::::::
cpe:2.3:o:juniper:junos:18.2:r2-s1::::::
cpe:2.3:o:juniper:junos:18.2:r2-s2::::::
cpe:2.3:o:juniper:junos:18.2:r1-s3::::::
cpe:2.3:o:juniper:junos:18.3:r1-s1::::::
cpe:2.3:o:juniper:junos:17.2:r1-s4::::::
cpe:2.3:o:juniper:junos:17.3:r3-s1::::::
cpe:2.3:o:juniper:junos:17.3:r3-s2::::::
cpe:2.3:o:juniper:junos:17.4:r1-s2::::::
cpe:2.3:o:juniper:junos:17.3:r2-s1::::::
cpe:2.3:o:juniper:junos:18.3:r2::::::
cpe:2.3:o:juniper:junos:18.3:r1::::::
cpe:2.3:o:juniper:junos:17.4:r3::::::
cpe:2.3:o:juniper:junos:17.4:r2-s1::::::
cpe:2.3:o:juniper:junos:18.1:r2-s2::::::
cpe:2.3:o:juniper:junos:15.1:f6-s2::::::
cpe:2.3:o:juniper:junos:15.1:f6-s1::::::
cpe:2.3:o:juniper:junos:18.4:r1::::::
cpe:2.3:o:juniper:junos:17.4:-::::::
cpe:2.3:o:juniper:junos:18.1:r3-s4::::::
cpe:2.3:o:juniper:junos:18.1:r3-s3::::::
cpe:2.3:o:juniper:junos:18.1:r3-s2::::::
cpe:2.3:o:juniper:junos:18.1:-::::::
cpe:2.3:o:juniper:junos:18.1:r2-s1::::::
cpe:2.3:o:juniper:junos:18.1:r2-s4::::::
cpe:2.3:o:juniper:junos:15.1:-::::::
cpe:2.3:o:juniper:junos:16.1:-::::::
cpe:2.3:o:juniper:junos:17.2:-::::::
cpe:2.3:o:juniper:junos:17.3:-::::::
cpe:2.3:o:juniper:junos:12.3:r12-s8::::::
cpe:2.3:o:juniper:junos:12.3x48:-::::::
cpe:2.3:o:juniper:junos:14.1x53:-::::::
cpe:2.3:o:juniper:junos:15.1x49:-::::::
cpe:2.3:o:juniper:junos:18.3:r1-s2::::::
cpe:2.3:o:juniper:junos:18.3:-::::::
cpe:2.3:o:juniper:junos:18.4:-::::::
cpe:2.3:o:juniper:junos:17.4:r1-s5::::::
cpe:2.3:o:juniper:junos:18.1:r3-s1::::::
cpe:2.3:o:juniper:junos:17.3:r3:-:::::*
cpe:2.3:o:juniper:junos:17.3:r3-s3::::::
cpe:2.3:o:juniper:junos:17.4:r1-s7::::::
cpe:2.3:o:juniper:junos:12.3:-::::::
cpe:2.3:o:juniper:junos:16.1:r3-s11::::::
cpe:2.3:o:juniper:junos:17.4:r1-s4::::::
cpe:2.3:o:juniper:junos:18.4:r1-s1::::::
cpe:2.3:o:juniper:junos:15.1x49:d180::::::
cpe:2.3:o:juniper:junos:15.1x49:d170::::::
cpe:2.3:o:juniper:junos:17.3:r3-s4::::::
cpe:2.3:o:juniper:junos:17.4:r2-s3::::::
cpe:2.3:o:juniper:junos:17.4:r2-s4::::::
cpe:2.3:o:juniper:junos:17.4:r1-s6::::::
cpe:2.3:o:juniper:junos:18.3:r1-s3::::::
cpe:2.3:o:juniper:junos:17.2:r2-s7::::::
cpe:2.3:o:juniper:junos:18.2:r2-s3::::::
cpe:2.3:o:juniper:junos:18.2:r2-s4::::::
cpe:2.3:o:juniper:junos:14.1x53:d49::::::
cpe:2.3:o:juniper:junos:17.2:r3-s1::::::
cpe:2.3:o:juniper:junos:18.2:r1-s5::::::
cpe:2.3:o:juniper:junos:17.2:r1-s8::::::
cpe:2.3:o:juniper:junos:12.3x48:d85::::::
cpe:2.3:o:juniper:junos:18.4:r1-s3::::::
cpe:2.3:o:juniper:junos:18.4:r1-s4::::::
cpe:2.3:o:juniper:junos:18.4:r1-s2::::::
cpe:2.3:o:juniper:junos:19.1:r1::::::
cpe:2.3:o:juniper:junos:19.1:-::::::
cpe:2.3:o:juniper:junos:17.3:r2-s3::::::
cpe:2.3:o:juniper:junos:16.1:r7-s3::::::
cpe:2.3:o:juniper:junos:16.1:r7-s4::::::
cpe:2.3:o:juniper:junos:17.2:r3-s2::::::
cpe:2.3:o:juniper:junos:17.4:r2-s5::::::
cpe:2.3:o:juniper:junos:17.4:r2-s6::::::
cpe:2.3:o:juniper:junos:17.4:r2-s7::::::
cpe:2.3:o:juniper:junos:19.2:r1::::::
cpe:2.3:o:juniper:junos:18.4:r2::::::
cpe:2.3:o:juniper:junos:18.2:r3::::::
cpe:2.3:o:juniper:junos:18.1:r3-s6::::::
cpe:2.3:o:juniper:junos:18.1:r3-s7::::::
cpe:2.3:o:juniper:junos:19.1:r1-s1::::::
cpe:2.3:o:juniper:junos:19.1:r1-s3::::::
cpe:2.3:o:juniper:junos:19.1:r1-s2::::::
cpe:2.3:o:juniper:junos:12.3:r12-s13::::::
cpe:2.3:o:juniper:junos:12.3:r12-s14::::::
cpe:2.3:o:juniper:junos:15.1:r7-s4::::::
cpe:2.3:o:juniper:junos:17.3:r1-s1::::::
cpe:2.3:o:juniper:junos:15.1:r7-s5::::::
cpe:2.3:o:juniper:junos:16.1:r7-s2::::::
cpe:2.3:o:juniper:junos:18.2:r2-s5::::::
cpe:2.3:o:juniper:junos:18.2:r2-s6::::::
cpe:2.3:o:juniper:junos:18.4:r1-s5::::::
cpe:2.3:o:juniper:junos:15.1:f6-s12::::::
cpe:2.3:o:juniper:junos:19.2:r1-s1::::::
cpe:2.3:o:juniper:junos:19.2:r1-s2::::::
cpe:2.3:o:juniper:junos:18.3:r1-s5::::::
cpe:2.3:o:juniper:junos:18.2:r3-s1::::::
cpe:2.3:o:juniper:junos:15.1x49:d190::::::
cpe:2.3:o:juniper:junos:16.1:r7-s5::::::
cpe:2.3:o:juniper:junos:12.3:r12-s1::::::
cpe:2.3:o:juniper:junos:12.3:r12-s3::::::
cpe:2.3:o:juniper:junos:12.3:r12-s4::::::
cpe:2.3:o:juniper:junos:12.3:r12-s6::::::
cpe:2.3:o:juniper:junos:12.3:r12-s11::::::
cpe:2.3:o:juniper:junos:12.3:r12-s12::::::
cpe:2.3:o:juniper:junos:16.1:r4-s12::::::
cpe:2.3:o:juniper:junos:16.1:r4-s6::::::
cpe:2.3:o:juniper:junos:16.1:r4-s2::::::
cpe:2.3:o:juniper:junos:17.3:r2-s4::::::
cpe:2.3:o:juniper:junos:14.1x53:d51::::::
cpe:2.3:o:juniper:junos:18.3:r2-s1::::::
cpe:2.3:o:juniper:junos:18.3:r2-s2::::::
cpe:2.3:o:juniper:junos:17.4:r2-s8::::::
cpe:2.3:o:juniper:junos:12.3:r10-s1::::::
cpe:2.3:o:juniper:junos:12.3:r10-s2::::::
cpe:2.3:o:juniper:junos:18.4:r2-s1::::::
cpe:2.3:o:juniper:junos:17.2:r2-s11::::::
cpe:2.3:o:juniper:junos:19.3:-::::::
cpe:2.3:o:juniper:junos:19.3:r1::::::
cpe:2.3:o:juniper:junos:19.2:-::::::
cpe:2.3:o:juniper:junos:18.4:r2-s2::::::
cpe:2.3:o:juniper:junos:18.3:r1-s6::::::
cpe:2.3:o:juniper:junos:18.2:r3-s2::::::
cpe:2.3:o:juniper:junos:18.1:r3-s8::::::
cpe:2.3:o:juniper:junos:14.1x53:d52::::::
cpe:2.3:o:juniper:junos:19.2:r1-s3::::::
cpe:2.3:o:juniper:junos:18.3:r3::::::
cpe:2.3:o:juniper:junos:16.1:r7-s6::::::
cpe:2.3:o:juniper:junos:19.4:r1::::::
cpe:2.3:o:juniper:junos:19.3:r2::::::
cpe:2.3:o:juniper:junos:18.4:r3::::::
cpe:2.3:o:juniper:junos:18.4:r2-s3::::::
cpe:2.3:o:juniper:junos:18.3:r3-s1::::::
cpe:2.3:o:juniper:junos:18.1:r3-s9::::::
cpe:2.3:o:juniper:junos:17.3:r3-s7::::::
cpe:2.3:o:juniper:junos:15.1x49:d200::::::
cpe:2.3:o:juniper:junos:19.3:r2-s1::::::
cpe:2.3:o:juniper:junos:19.3:r1-s1::::::
cpe:2.3:o:juniper:junos:20.1:r1::::::
cpe:2.3:o:juniper:junos:19.4:r1-s1::::::
cpe:2.3:o:juniper:junos:19.3:r2-s2::::::
cpe:2.3:o:juniper:junos:19.1:r1-s4::::::
cpe:2.3:o:juniper:junos:18.4:r1-s6::::::
cpe:2.3:o:juniper:junos:18.3:r2-s3::::::
cpe:2.3:o:juniper:junos:18.2:r3-s3::::::
cpe:2.3:o:juniper:junos:17.4:r3-s1::::::
cpe:2.3:o:juniper:junos:17.4:r2-s9::::::
cpe:2.3:o:juniper:junos:17.4:r2-s10::::::
cpe:2.3:o:juniper:junos:17.2:r3-s3::::::
cpe:2.3:o:juniper:junos:16.1:r7-s7::::::
cpe:2.3:o:juniper:junos:15.1x49:d210::::::
cpe:2.3:o:juniper:junos:14.1x53:d53::::::
cpe:2.3:o:juniper:junos:12.3x48:d95::::::
cpe:2.3:o:juniper:junos:12.3x48:d90::::::
cpe:2.3:o:juniper:junos:12.3x48:d100::::::
cpe:2.3:o:juniper:junos:12.3:r12-s15::::::

Related information, measures and tools

No	URL	refsource	タグ
1	https://kb.juniper.net/JSA11021		Mitigation Vendor Advisory
2	https://kb.juniper.net/JSA11021		Mitigation Vendor Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-22	パス・トラバーサル	https://cwe.mitre.org/data/definitions/22.html

JVN Vulnerability Information

Juniper Networks Junos OS におけるパストラバーサルの脆弱性

Title	Juniper Networks Junos OS におけるパストラバーサルの脆弱性
Summary	Juniper Networks Junos OS には、パストラバーサルの脆弱性が存在します。
Possible impacts	情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	April 27, 2020, midnight
Registration Date	June 5, 2020, 3:58 p.m.
Last Update	June 5, 2020, 3:58 p.m.

Affected System

ジュニパーネットワークス

Junos OS

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2020-1631	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1631
National Vulnerability Database (NVD)
2	CVE-2020-1631	https://nvd.nist.gov/vuln/detail/CVE-2020-1631

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-22	https://jvndb.jvn.jp/ja/cwe/CWE-22.html

ベンダー情報

No	Name	URL
Knowledge Base
1	JSA11021	https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11021&actp=METADATA

Change Log

No	Changed Details	Date of change
1	[2020年06月05日] 掲載	June 5, 2020, 3:58 p.m.