The system console configuration option log-out-on-disconnect In Juniper Networks Junos OS Evolved fails to log out an active CLI session when the console cable is disconnected. This could allow a malicious attacker with physical access to the console the ability to resume a previous interactive session and possibly gain administrative privileges. This issue affects all Juniper Networks Junos OS Evolved versions after 18.4R1-EVO, prior to 20.2R1-EVO.
According to WASC, “Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.”
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Junos_os_evolved | Juniper | 19.2-r1 (including) | 19.2-r1 (including) |
| Junos_os_evolved | Juniper | 19.2-r2 (including) | 19.2-r2 (including) |
| Junos_os_evolved | Juniper | 19.3-r2 (including) | 19.3-r2 (including) |
| Junos_os_evolved | Juniper | 19.4-r1 (including) | 19.4-r1 (including) |
| Junos_os_evolved | Juniper | 19.4-r2 (including) | 19.4-r2 (including) |
| Junos_os_evolved | Juniper | 19.4-r2-s1 (including) | 19.4-r2-s1 (including) |
| Junos_os_evolved | Juniper | 20.1-r1 (including) | 20.1-r1 (including) |