← back
CVE-2018-0023

Junos Snapshot Administrator (JSNAPy) world writeable default configuration file permission

CVSS 5.5 MEDIUMEPSS 0.3%
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.5EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
11 Apr 2018Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
JSNAPy is an open source python version of Junos Snapshot Administrator developed by Juniper available through github. The default configuration and sample files of JSNAPy automation tool versions prior to 1.3.0 are created world writable. This insecure file and directory permission allows unprivileged local users to alter the files under this directory including inserting operations not intended by the package maintainer, system administrator, or other users. This issue only affects users who downloaded and installed JSNAPy from github.
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →