CVE Vulnerabilities

CVE-2020-1666

Insufficient Session Expiration

Published: Oct 16, 2020 | Modified: Oct 25, 2021
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 7.2 HIGH (AV:L/AC:L/Au:N/C:C/I:C/A:C)

The system console configuration option log-out-on-disconnect in Juniper Networks Junos OS Evolved fails to log out an active CLI session when the console cable is disconnected. This could allow a malicious attacker with physical access to the console to resume a previous interactive session and possibly gain administrative privileges. This issue affects all Juniper Networks Junos OS Evolved versions after 18.4R1-EVO, prior to 20.2R1-EVO.

Weakness

According to WASC, “Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.”

Affected Software

Name              Vendor   Start Version  End Version
Junos_os_evolved  Juniper  19.2           19.2
Junos_os_evolved  Juniper  19.2           19.2
Junos_os_evolved  Juniper  19.3           19.3
Junos_os_evolved  Juniper  19.4           19.4
Junos_os_evolved  Juniper  19.4           19.4
Junos_os_evolved  Juniper  19.4           19.4
Junos_os_evolved  Juniper  20.1           20.1

Potential Mitigations

References