CVE-2023-44194
HIGHJunos OS Unauthenticated Privilege Escalation via Improper Directory Permissions
Title source: llmDescription
An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS allows an unauthenticated attacker with local access to the device to create a backdoor with root privileges. The issue is caused by improper directory permissions on a certain system directory, allowing an attacker with access to this directory to create a backdoor with root privileges. This issue affects Juniper Networks Junos OS: * All versions prior to 20.4R3-S5; * 21.1 versions prior to 21.1R3-S4; * 21.2 versions prior to 21.2R3-S4; * 21.3 versions prior to 21.3R3-S3; * 21.4 versions prior to 21.4R3-S1.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
https://supportportal.juniper.net/JSA73158
Scores
CVSS v3
8.4
EPSS
0.0003
EPSS Percentile
9.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-276
Status
published
Products (6)
juniper/junos
20.4 (11 CPE variants)
juniper/junos
21.1 (10 CPE variants)
juniper/junos
21.2 (11 CPE variants)
juniper/junos
21.3 (9 CPE variants)
juniper/junos
21.4 (8 CPE variants)
juniper/junos
< 20.4
Published
Oct 13, 2023
Tracked Since
Feb 18, 2026