Home

CVE-2020-1606

Description

A path traversal vulnerability in the Juniper Networks Junos OS device may allow an authenticated J-web user to read files with world readable permission and delete files with world writeable permission. This issue does not affect system files that can be accessed only by root user. This issue affects Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S13; 12.3X48 versions prior to 12.3X48-D85 on SRX Series; 14.1X53 versions prior to 14.1X53-D51; 15.1F6 versions prior to 15.1F6-S13; 15.1 versions prior to 15.1R7-S5; 15.1X49 versions prior to 15.1X49-D180 on SRX Series; 15.1X53 versions prior to 15.1X53-D238 on QFX5200/QFX5110 Series; 16.1 versions prior to 16.1R4-S13, 16.1R7-S5; 16.2 versions prior to 16.2R2-S10; 17.1 versions prior to 17.1R3-S1; 17.2 versions prior to 17.2R1-S9, 17.2R3-S2; 17.3 versions prior to 17.3R2-S5, 17.3R3-S5; 17.4 versions prior to 17.4R2-S9, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R2-S3, 18.3R3; 18.4 versions prior to 18.4R2; 19.1 versions prior to 19.1R1-S4, 19.1R2.

Risk Information

Base Score
8.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS Score
Exploitation Probability
0.319

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2019-0047,CVE-2019-0053,CVE-2020-1606 are fixed in junos 12.3r12-s13NCM
Multiple Vulnerabilities are fixed in junos 14.1X53-D51NCM
Vulnerabilities CVE-2019-0047,CVE-2019-0062,CVE-2020-1601,CVE-2020-1606 are fixed in junos 15.1f6-s13NCM
Vulnerabilities CVE-2019-0062,CVE-2020-1606,CVE-2020-1607 are fixed in junos 16.1r4-s13NCM
Multiple Vulnerabilities are fixed in junos 16.2R2-S10NCM
Multiple Vulnerabilities are fixed in junos 17.1R3-S1NCM
Multiple Vulnerabilities are fixed in junos 17.2r1-s9NCM
Vulnerabilities CVE-2020-1606,CVE-2020-1649,CVE-2021-0249 are fixed in junos 17.4R2-S9NCM
Multiple Vulnerabilities are fixed in junos 18.1r3-s8NCM
Multiple Vulnerabilities are fixed in junos 18.2R3NCM
Vulnerabilities CVE-2020-1606 are fixed in junos 18.3r2-s3NCM
Multiple Vulnerabilities are fixed in junos 18.4R2NCM
Vulnerabilities CVE-2020-1606,CVE-2020-1641,CVE-2020-1649 are fixed in junos 19.1r1-s4NCM
Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability (CVE-2020-1606)NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-1704488Security Update for junos 9.2r1
PATCH-1704488Security Update for junos 9.2r1
PATCH-1704488Security Update for junos 9.2r1
PATCH-1704488Security Update for junos 9.2r1
PATCH-1704488Security Update for junos 9.2r1
PATCH-1704488Security Update for junos 9.2r1
PATCH-1704488Security Update for junos 9.2r1
PATCH-1704488Security Update for junos 9.2r1
PATCH-1704488Security Update for junos 9.2r1
PATCH-1704488Security Update for junos 9.2r1
PATCH-1704488Security Update for junos 9.2r1
PATCH-1704488Security Update for junos 9.2r1
PATCH-1704488Security Update for junos 9.2r1

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234