{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-44187", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "state": "PUBLISHED", "assignerShortName": "juniper", "dateReserved": "2023-09-26T19:30:27.953Z", "datePublished": "2023-10-11T20:37:23.379Z", "dateUpdated": "2024-09-18T14:36:44.931Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Junos OS Evolved", "vendor": "Juniper Networks", "versions": [{"lessThan": "20.4R3-S7-EVO", "status": "affected", "version": "0", "versionType": "semver"}, {"lessThan": "21.1*", "status": "affected", "version": "21.1R1", "versionType": "semver"}, {"lessThan": "21.2R3-S5-EVO", "status": "affected", "version": "21.2", "versionType": "semver"}, {"lessThan": "21.3R3-S4-EVO", "status": "affected", "version": "21.3", "versionType": "semver"}, {"lessThan": "21.4R3-S4-EVO", "status": "affected", "version": "21.4", "versionType": "semver"}, {"lessThan": "22.1R3-S2-EVO", "status": "affected", "version": "22.1", "versionType": "semver"}, {"lessThan": "22.2R2-EVO", "status": "affected", "version": "22.2", "versionType": "semver"}]}], "datePublic": "2023-10-11T16:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An Exposure of Sensitive Information vulnerability in the 'file copy' command of Junos OS Evolved allows a local, authenticated attacker with shell access to view passwords supplied on the CLI command-line. These credentials can then be used to provide unauthorized access to the remote system.<br><br>This issue affects Juniper Networks Junos OS Evolved:<br><ul><li>All versions prior to 20.4R3-S7-EVO;</li><li>21.1 versions 21.1R1-EVO and later;</li><li>21.2 versions prior to 21.2R3-S5-EVO;</li><li>21.3 versions prior to 21.3R3-S4-EVO;</li><li>21.4 versions prior to 21.4R3-S4-EVO;</li><li>22.1 versions prior to 22.1R3-S2-EVO;</li><li>22.2 versions prior to 22.2R2-EVO.</li></ul>"}], "value": "An Exposure of Sensitive Information vulnerability in the 'file copy' command of Junos OS Evolved allows a local, authenticated attacker with shell access to view passwords supplied on the CLI command-line. These credentials can then be used to provide unauthorized access to the remote system.\n\nThis issue affects Juniper Networks Junos OS Evolved:\n  *  All versions prior to 20.4R3-S7-EVO;\n  *  21.1 versions 21.1R1-EVO and later;\n  *  21.2 versions prior to 21.2R3-S5-EVO;\n  *  21.3 versions prior to 21.3R3-S4-EVO;\n  *  21.4 versions prior to 21.4R3-S4-EVO;\n  *  22.1 versions prior to 22.1R3-S2-EVO;\n  *  22.2 versions prior to 22.2R2-EVO.\n\n\n"}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Juniper SIRT is not aware of any malicious exploitation of this vulnerability.</p>"}], "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2023-10-11T21:09:50.294Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://supportportal.juniper.net/JSA73151"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>The following software releases have been updated to resolve this specific issue: Junos OS Evolved 20.4R3-S7-EVO, 21.2R3-S5-EVO, 21.3R3-S4-EVO, 21.4R3-S4-EVO, 22.1R3-S2-EVO, 22.2R2-EVO, 22.3R1-EVO, and all subsequent releases.</p>"}], "value": "The following software releases have been updated to resolve this specific issue: Junos OS Evolved 20.4R3-S7-EVO, 21.2R3-S5-EVO, 21.3R3-S4-EVO, 21.4R3-S4-EVO, 22.1R3-S2-EVO, 22.2R2-EVO, 22.3R1-EVO, and all subsequent releases.\n\n"}], "source": {"advisory": "JSA73151", "defect": ["1639609"], "discovery": "INTERNAL"}, "timeline": [{"lang": "en", "time": "2023-10-11T16:00:00.000Z", "value": "Initial Publication"}], "title": "Junos OS Evolved: 'file copy' CLI command can disclose password to shell users", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Restrict Junos OS Evolved shell access to trusted users only.</p><p>Avoid or disallow the use of the 'file copy' command.</p>"}], "value": "Restrict Junos OS Evolved shell access to trusted users only.\n\nAvoid or disallow the use of the 'file copy' command.\n\n"}], "x_generator": {"engine": "Vulnogram 0.1.0-av217"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:59:51.268Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://supportportal.juniper.net/JSA73151"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-18T14:36:15.878708Z", "id": "CVE-2023-44187", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-18T14:36:44.931Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://supportportal.juniper.net/JSA73151", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:59:51.268Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-44187", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-18T14:36:15.878708Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-18T14:36:23.724Z"}}], "cna": {"title": "Junos OS Evolved: 'file copy' CLI command can disclose password to shell users", "source": {"defect": ["1639609"], "advisory": "JSA73151", "discovery": "INTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Juniper Networks", "product": "Junos OS Evolved", "versions": [{"status": "affected", "version": "0", "lessThan": "20.4R3-S7-EVO", "versionType": "semver"}, {"status": "affected", "version": "21.1R1", "lessThan": "21.1*", "versionType": "semver"}, {"status": "affected", "version": "21.2", "lessThan": "21.2R3-S5-EVO", "versionType": "semver"}, {"status": "affected", "version": "21.3", "lessThan": "21.3R3-S4-EVO", "versionType": "semver"}, {"status": "affected", "version": "21.4", "lessThan": "21.4R3-S4-EVO", "versionType": "semver"}, {"status": "affected", "version": "22.1", "lessThan": "22.1R3-S2-EVO", "versionType": "semver"}, {"status": "affected", "version": "22.2", "lessThan": "22.2R2-EVO", "versionType": "semver"}], "defaultStatus": "unaffected"}], "exploits": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n\n", "supportingMedia": [{"type": "text/html", "value": "<p>Juniper SIRT is not aware of any malicious exploitation of this vulnerability.</p>", "base64": false}]}], "timeline": [{"lang": "en", "time": "2023-10-11T16:00:00.000Z", "value": "Initial Publication"}], "solutions": [{"lang": "en", "value": "The following software releases have been updated to resolve this specific issue: Junos OS Evolved 20.4R3-S7-EVO, 21.2R3-S5-EVO, 21.3R3-S4-EVO, 21.4R3-S4-EVO, 22.1R3-S2-EVO, 22.2R2-EVO, 22.3R1-EVO, and all subsequent releases.\n\n", "supportingMedia": [{"type": "text/html", "value": "<p>The following software releases have been updated to resolve this specific issue: Junos OS Evolved 20.4R3-S7-EVO, 21.2R3-S5-EVO, 21.3R3-S4-EVO, 21.4R3-S4-EVO, 22.1R3-S2-EVO, 22.2R2-EVO, 22.3R1-EVO, and all subsequent releases.</p>", "base64": false}]}], "datePublic": "2023-10-11T16:00:00.000Z", "references": [{"url": "https://supportportal.juniper.net/JSA73151", "tags": ["vendor-advisory"]}], "workarounds": [{"lang": "en", "value": "Restrict Junos OS Evolved shell access to trusted users only.\n\nAvoid or disallow the use of the 'file copy' command.\n\n", "supportingMedia": [{"type": "text/html", "value": "<p>Restrict Junos OS Evolved shell access to trusted users only.</p><p>Avoid or disallow the use of the 'file copy' command.</p>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.1.0-av217"}, "descriptions": [{"lang": "en", "value": "An Exposure of Sensitive Information vulnerability in the 'file copy' command of Junos OS Evolved allows a local, authenticated attacker with shell access to view passwords supplied on the CLI command-line. These credentials can then be used to provide unauthorized access to the remote system.\n\nThis issue affects Juniper Networks Junos OS Evolved:\n  *  All versions prior to 20.4R3-S7-EVO;\n  *  21.1 versions 21.1R1-EVO and later;\n  *  21.2 versions prior to 21.2R3-S5-EVO;\n  *  21.3 versions prior to 21.3R3-S4-EVO;\n  *  21.4 versions prior to 21.4R3-S4-EVO;\n  *  22.1 versions prior to 22.1R3-S2-EVO;\n  *  22.2 versions prior to 22.2R2-EVO.\n\n\n", "supportingMedia": [{"type": "text/html", "value": "An Exposure of Sensitive Information vulnerability in the 'file copy' command of Junos OS Evolved allows a local, authenticated attacker with shell access to view passwords supplied on the CLI command-line. These credentials can then be used to provide unauthorized access to the remote system.<br><br>This issue affects Juniper Networks Junos OS Evolved:<br><ul><li>All versions prior to 20.4R3-S7-EVO;</li><li>21.1 versions 21.1R1-EVO and later;</li><li>21.2 versions prior to 21.2R3-S5-EVO;</li><li>21.3 versions prior to 21.3R3-S4-EVO;</li><li>21.4 versions prior to 21.4R3-S4-EVO;</li><li>22.1 versions prior to 22.1R3-S2-EVO;</li><li>22.2 versions prior to 22.2R2-EVO.</li></ul>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2023-10-11T21:09:50.294Z"}}}, "cveMetadata": {"cveId": "CVE-2023-44187", "state": "PUBLISHED", "dateUpdated": "2024-09-18T14:36:44.931Z", "dateReserved": "2023-09-26T19:30:27.953Z", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "datePublished": "2023-10-11T20:37:23.379Z", "assignerShortName": "juniper"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*", "matchCriteriaId": "0F41A7DF-2B27-4E2E-ABFC-E0510A028199", "versionEndExcluding": "20.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:-:*:*:*:*:*:*", "matchCriteriaId": "247FB9DF-7EC0-4298-B27C-3235D141C1D6", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1:*:*:*:*:*:*", "matchCriteriaId": "C9C8866D-162F-4C9B-8167-2FBA25410368", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "F85E5BC7-8607-4330-AA72-2273D32F8604", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1-s2:*:*:*:*:*:*", "matchCriteriaId": "878C81C9-A418-4A21-8FDB-2116A992679C", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2:*:*:*:*:*:*", "matchCriteriaId": "7451A671-A3CC-4904-8D45-947B1D3783C9", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s1:*:*:*:*:*:*", "matchCriteriaId": "0108AD20-EAE6-41D1-AE48-254C46B5388A", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s2:*:*:*:*:*:*", "matchCriteriaId": "44FBCA6F-EB05-4EE4-85FD-944BDAF7D81B", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s3:*:*:*:*:*:*", "matchCriteriaId": "E554FD12-FE69-44D1-B2C9-4382F8CA4456", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3:*:*:*:*:*:*", "matchCriteriaId": "E0C1D53E-70BE-4246-89ED-1074C8C70747", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s1:*:*:*:*:*:*", "matchCriteriaId": "B39DDCF8-BB68-49F4-8AAF-AE25C9C13AC1", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s2:*:*:*:*:*:*", "matchCriteriaId": "B38A90A9-B739-49BE-8845-9ABF846CCC5D", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s3:*:*:*:*:*:*", "matchCriteriaId": "AAE56A7C-BA26-405F-A640-C43AF78B0A3B", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s4:*:*:*:*:*:*", "matchCriteriaId": "683D8EED-9F26-41E7-B69C-FE198225A8F2", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s5:*:*:*:*:*:*", "matchCriteriaId": "8979C85C-87DD-42B1-9CCC-BC3F7007C600", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s6:*:*:*:*:*:*", "matchCriteriaId": "5BDD5111-1BC2-456B-8A31-F2D252DF613C", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:-:*:*:*:*:*:*", "matchCriteriaId": "52C3552E-798F-4719-B38D-F74E34EAAA40", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r1:*:*:*:*:*:*", "matchCriteriaId": "AE674DD3-3590-4434-B144-5AD7EB5F039D", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "0099BDA9-9D4B-4D6C-8234-EFD9E8C63476", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r2:*:*:*:*:*:*", "matchCriteriaId": "D8729BC1-FB09-4E6D-A5D5-8BDC589555B6", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r3:*:*:*:*:*:*", "matchCriteriaId": "9D72C3DF-4513-48AC-AAED-C1AADF0794E1", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r3-s1:*:*:*:*:*:*", "matchCriteriaId": "8C583289-96C4-4451-A320-14CA1C390819", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r3-s2:*:*:*:*:*:*", "matchCriteriaId": "FA43782E-0719-496E-9237-E1ABD3C4C664", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r3-s3:*:*:*:*:*:*", "matchCriteriaId": "78897DD2-E161-4191-94FF-7400FB612DF5", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:-:*:*:*:*:*:*", "matchCriteriaId": "620B0CDD-5566-472E-B96A-31D2C12E3120", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1:*:*:*:*:*:*", "matchCriteriaId": "3EA3DC63-B290-4D15-BEF9-21DEF36CA2EA", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "7E1E57AF-979B-4022-8AD6-B3558E06B718", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s2:*:*:*:*:*:*", "matchCriteriaId": "144730FB-7622-4B3D-9C47-D1B7A7FB7EB0", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2:*:*:*:*:*:*", "matchCriteriaId": "7BA246F0-154E-4F44-A97B-690D22FA73DD", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s1:*:*:*:*:*:*", "matchCriteriaId": "25D6C07C-F96E-4523-BB54-7FEABFE1D1ED", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s2:*:*:*:*:*:*", "matchCriteriaId": "2B70C784-534B-4FAA-A5ED-3709656E2B97", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3:*:*:*:*:*:*", "matchCriteriaId": "60448FFB-568E-4280-9261-ADD65244F31A", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s1:*:*:*:*:*:*", "matchCriteriaId": "2B770C52-7E3E-4B92-9138-85DEC56F3B22", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s2:*:*:*:*:*:*", "matchCriteriaId": "E88AC378-461C-4EFA-A04B-5786FF21FE03", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s3:*:*:*:*:*:*", "matchCriteriaId": "3B0AFB30-81DC-465C-9F63-D1B15EA4809A", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s4:*:*:*:*:*:*", "matchCriteriaId": "2035F0AC-29E7-478A-A9D0-BAA3A88B3413", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:-:*:*:*:*:*:*", "matchCriteriaId": "4EC38173-44AB-43D5-8C27-CB43AD5E0B2E", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r1:*:*:*:*:*:*", "matchCriteriaId": "5A4DD04A-DE52-46BE-8C34-8DB47F7500F0", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "FEE0E145-8E1C-446E-90ED-237E3B9CAF47", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2:*:*:*:*:*:*", "matchCriteriaId": "0F26369D-21B2-4C6A-98C1-492692A61283", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2-s1:*:*:*:*:*:*", "matchCriteriaId": "24003819-1A6B-4BDF-B3DF-34751C137788", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2-s2:*:*:*:*:*:*", "matchCriteriaId": "BF8D332E-9133-45B9-BB07-B33C790F737A", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3:*:*:*:*:*:*", "matchCriteriaId": "3E2A4377-D044-4E43-B6CC-B753D7F6ABD4", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s1:*:*:*:*:*:*", "matchCriteriaId": "8DAEC4F4-5748-4D36-A72B-4C62A0A30E38", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s2:*:*:*:*:*:*", "matchCriteriaId": "C76DA7A5-9320-4E21-96A2-ACE70803A1CA", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s3:*:*:*:*:*:*", "matchCriteriaId": "703C73EB-2D63-4D4F-8129-239AE1E96B2B", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:-:*:*:*:*:*:*", "matchCriteriaId": "2E907193-075E-45BC-9257-9607DB790D71", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1:*:*:*:*:*:*", "matchCriteriaId": "8B73A41D-3FF5-4E53-83FF-74DF58E0D6C3", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "CEDF46A8-FC3A-4779-B695-2CA11D045AEB", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s2:*:*:*:*:*:*", "matchCriteriaId": "39809219-9F87-4583-9DAD-9415DD320B36", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2:*:*:*:*:*:*", "matchCriteriaId": "DB299492-A919-4EBA-A62A-B3CF02FC0A95", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s1:*:*:*:*:*:*", "matchCriteriaId": "74ED0939-D5F8-4334-9838-40F29DE3597F", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s2:*:*:*:*:*:*", "matchCriteriaId": "C6937069-8C19-4B01-8415-ED7E9EAE2CE2", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3:*:*:*:*:*:*", "matchCriteriaId": "97DB6DD5-F5DD-4AE1-AF2F-8DB9E18FF882", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s1:*:*:*:*:*:*", "matchCriteriaId": "21DF05B8-EF7E-422F-8831-06904160714C", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s2:*:*:*:*:*:*", "matchCriteriaId": "492FCE45-68A1-4378-85D4-C4034FE0D836", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s3:*:*:*:*:*:*", "matchCriteriaId": "522114CC-1505-4205-B4B8-797DE1BD833B", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1:*:*:*:*:*:*", "matchCriteriaId": "750FE748-82E7-4419-A061-2DEA26E35309", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "236E23E5-8B04-4081-9D97-7300DF284000", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s2:*:*:*:*:*:*", "matchCriteriaId": "5FC96EA7-90A7-4838-B95D-60DBC88C7BC7", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r2:*:*:*:*:*:*", "matchCriteriaId": "97541867-C52F-40BB-9AAE-7E87ED23D789", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r2-s1:*:*:*:*:*:*", "matchCriteriaId": "85CF6664-E35A-4E9B-95C0-CDC91F7F331A", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3:*:*:*:*:*:*", "matchCriteriaId": "E048A05D-882F-4B1C-BA32-3BBA3FEA31A3", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3-s1:*:*:*:*:*:*", "matchCriteriaId": "47E8D51D-1424-4B07-B036-E3E195F21AC2", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r1:*:*:*:*:*:*", "matchCriteriaId": "D77A072D-350A-42F2-8324-7D3AC1711BF9", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "83AE395C-A651-4568-88E3-3600544BF799", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An Exposure of Sensitive Information vulnerability in the 'file copy' command of Junos OS Evolved allows a local, authenticated attacker with shell access to view passwords supplied on the CLI command-line. These credentials can then be used to provide unauthorized access to the remote system.\n\nThis issue affects Juniper Networks Junos OS Evolved:\n  *  All versions prior to 20.4R3-S7-EVO;\n  *  21.1 versions 21.1R1-EVO and later;\n  *  21.2 versions prior to 21.2R3-S5-EVO;\n  *  21.3 versions prior to 21.3R3-S4-EVO;\n  *  21.4 versions prior to 21.4R3-S4-EVO;\n  *  22.1 versions prior to 22.1R3-S2-EVO;\n  *  22.2 versions prior to 22.2R2-EVO.\n\n\n"}, {"lang": "es", "value": "Una vulnerabilidad de Exposici\u00f3n de Informaci\u00f3n Confidencial en el comando 'file copy' de Junos OS Evolved permite a un atacante local autenticado con acceso al shell ver las contrase\u00f1as proporcionadas en la l\u00ednea de comandos CLI. Estas credenciales se pueden utilizar para proporcionar acceso no autorizado al sistema remoto. Este problema afecta a Juniper Networks Junos OS Evolved: * Todas las versiones anteriores a 20.4R3-S7-EVO; * 21.1 versiones 21.1R1-EVO y posteriores; * Versiones 21.2 anteriores a 21.2R3-S5-EVO; * Versiones 21.3 anteriores a 21.3R3-S4-EVO; * Versiones 21.4 anteriores a 21.4R3-S4-EVO; * Versiones 22.1 anteriores a 22.1R3-S2-EVO; * Versiones 22.2 anteriores a 22.2R2-EVO."}], "id": "CVE-2023-44187", "lastModified": "2024-11-21T08:25:23.983", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.5, "impactScore": 4.0, "source": "sirt@juniper.net", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-10-11T21:15:09.970", "references": [{"source": "sirt@juniper.net", "tags": ["Vendor Advisory"], "url": "https://supportportal.juniper.net/JSA73151"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://supportportal.juniper.net/JSA73151"}], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "sirt@juniper.net", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}