CVE-2020-1666

The system console configuration option 'log-out-on-disconnect' In Juniper Networks Junos OS Evolved fails to log out an active CLI session when the console cable is disconnected. This could allow a malicious attacker with physical access to the console the ability to resume a previous interactive session and possibly gain administrative privileges. This issue affects all Juniper Networks Junos OS Evolved versions after 18.4R1-EVO, prior to 20.2R1-EVO.

Published: Oct 16, 2020
Updated: May 4, 2025
CVE: CVE-2020-1666
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-613

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
juniper / junos_os_evolved	19.3-r2	19.3-r2.x
juniper / junos_os_evolved	19.2-r1	19.2-r1.x
juniper / junos_os_evolved	19.2-r2	19.2-r2.x
juniper / junos_os_evolved	20.1-r1	20.1-r1.x
juniper / junos_os_evolved	19.4-r1	19.4-r1.x
juniper / junos_os_evolved	19.4-r2-s1	19.4-r2-s1.x
juniper / junos_os_evolved	19.4-r2	19.4-r2.x

https://kb.juniper.net/JSA11063

Vulnerability Database

289,697

CVE-2020-1666