← back
CVE-2020-1624

Junos OS Evolved: objmon logs may leak sensitive information

CVSS 5.5 MEDIUMEPSS 0.3%CWE-532
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.5EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
08 Apr 2020Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A local, authenticated user with shell can obtain the hashed values of login passwords and shared secrets via raw objmon configuration files. This issue affects all versions of Junos OS Evolved prior to 19.1R1.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected products
Juniper Networks · Junos OS Evolved

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://kb.juniper.net/JSA11003