Juniper Networks Junos OS and Junos OS Evolved Exposure of Sensitive Information Vulnerability

Vulnerability

A vulnerability allowing exposure of sensitive information to unauthorized actors has been identified in the User Interface of Juniper Networks Junos OS and Junos OS Evolved. This issue allows a local, low-privileged, authenticated attacker with access to the Command Line Interface (CLI) to retrieve sensitive information, such as hashed passwords, by executing a specific 'show mgd' command. The vulnerability could be exploited to further impact the system.

Affected Junos OS versions: all versions prior to 21.4R3-S10, 22.2 versions prior to 22.2R3-S5, 22.4 versions prior to 22.4R3-S5, 23.2 versions prior to 23.2R2-S3, and 23.4 versions prior to 23.4R2-S3.

Affected Junos OS Evolved versions: all versions prior to 21.4R3-S10-EVO, 22.2-EVO versions prior to 22.2R3-S6-EVO, 22.4-EVO versions prior to 22.4R3-S5-EVO, 23.2-EVO versions prior to 23.2R2-S3-EVO, and 23.4-EVO versions prior to 23.4R2-S3-EVO.
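A fleet triage check built from the affected-version lists above, as an added example that is not Juniper's or this page's own code. The version-string pattern, the status names and the sample inventory are assumptions made for illustration; release trains the advisory does not list are reported as "unlisted" rather than guessed.

```python
import re

# Fixed releases per train as (R, S) numbers, copied from the advisory text above.
FIXED = {
    "junos": {(21, 4): (3, 10), (22, 2): (3, 5), (22, 4): (3, 5),
              (23, 2): (2, 3), (23, 4): (2, 3)},
    "evo":   {(21, 4): (3, 10), (22, 2): (3, 6), (22, 4): (3, 5),
              (23, 2): (2, 3), (23, 4): (2, 3)},
}
OLDEST_TRAIN = (21, 4)  # "all versions prior to 21.4R3-S10"

# Assumed format: 22.4R3-S5, 22.4R3-S5.2 (build suffix) or 23.2R2-S3-EVO.
VERSION_RE = re.compile(
    r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?(-EVO)?$", re.IGNORECASE)

def classify(version):
    """Return 'affected', 'fixed', 'unlisted' or 'unparsed' for one version string."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return "unparsed"  # special or internal builds: review by hand
    major, minor, rel, svc = (int(g) if g else 0 for g in m.groups()[:4])
    table = FIXED["evo" if m.group(5) else "junos"]
    train = (major, minor)
    if train < OLDEST_TRAIN:
        return "affected"
    if train not in table:
        return "unlisted"  # the advisory names no fixed release for this train
    return "affected" if (rel, svc) < table[train] else "fixed"

def triage(inventory):
    """Map hostname -> status for a {hostname: version} inventory."""
    return {host: classify(ver) for host, ver in inventory.items()}

# Constructed inventory for illustration; hostnames and versions are made up.
SAMPLE = {
    "edge-1": "21.2R3-S4",
    "edge-2": "22.2R3-S5",
    "core-1": "22.2R3-S5-EVO",   # EVO fix for 22.2 is S6, so still affected
    "core-2": "22.4R3-S5.2",
    "agg-1": "23.4R2",
    "agg-2": "24.2R1",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:8} {SAMPLE[host]:18} {status}")
```

Devices reported as "unlisted" or "unparsed" need a manual check against the vendor's advisory, since this page gives no fixed release for them.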

Impact

Exploitation of this vulnerability allows low-privileged, authenticated users to access sensitive information, such as hashed passwords, which could be used to further compromise the system.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 6.8
impact: 2.5
exploitability: 3.5
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.