CVE-2014-6384 (GCVE-0-2014-6384)
Vulnerability from cvelistv5
Published
2015-01-16 16:00
Modified
2024-08-06 12:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D25, 12.1X47 before 12.1X47-D15, 12.3 before 12.3R9, 13.1 before 13.1R4-S3, 13.2 before 13.2R6, 13.3 before 13.3R5, 14.1 before 14.1R3, and 14.2 before 14.2R1 does not properly handle double quotes in authorization attributes in the TACACS+ configuration, which allows local users to bypass the security policy and execute commands via unspecified vectors.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:17:23.246Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1031547",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031547"
},
{
"name": "72077",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/72077"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10667"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D25, 12.1X47 before 12.1X47-D15, 12.3 before 12.3R9, 13.1 before 13.1R4-S3, 13.2 before 13.2R6, 13.3 before 13.3R5, 14.1 before 14.1R3, and 14.2 before 14.2R1 does not properly handle double quotes in authorization attributes in the TACACS+ configuration, which allows local users to bypass the security policy and execute commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-01-20T16:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1031547",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031547"
},
{
"name": "72077",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/72077"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10667"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6384",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D25, 12.1X47 before 12.1X47-D15, 12.3 before 12.3R9, 13.1 before 13.1R4-S3, 13.2 before 13.2R6, 13.3 before 13.3R5, 14.1 before 14.1R3, and 14.2 before 14.2R1 does not properly handle double quotes in authorization attributes in the TACACS+ configuration, which allows local users to bypass the security policy and execute commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1031547",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031547"
},
{
"name": "72077",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72077"
},
{
"name": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10667",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10667"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-6384",
"datePublished": "2015-01-16T16:00:00",
"dateReserved": "2014-09-11T00:00:00",
"dateUpdated": "2024-08-06T12:17:23.246Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2014-6384\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2015-01-16T16:59:05.343\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D25, 12.1X47 before 12.1X47-D15, 12.3 before 12.3R9, 13.1 before 13.1R4-S3, 13.2 before 13.2R6, 13.3 before 13.3R5, 14.1 before 14.1R3, and 14.2 before 14.2R1 does not properly handle double quotes in authorization attributes in the TACACS+ configuration, which allows local users to bypass the security policy and execute commands via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"Juniper Junos 12.1X44 anterior a 12.1X44-D45, 12.1X46 anterior a 12.1X46-D25, 12.1X47 anterior a 12.1X47-D15, 12.3 anterior a 12.3R9, 13.1 anterior a 13.1R4-S3, 13.2 anterior a 13.2R6, 13.3 anterior a 13.3R5, 14.1anterior a 14.1R3, y 14.2 anterior a 14.2R1 no maneja correctamente las comillas dobles en los atributos de autorizaci\u00f3n en la configuraci\u00f3n TACACS+, lo que permite a usuarios locales evadir la pol\u00edtica de seguridad y ejecutar comandos a trav\u00e9s de vectores no especificados.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":6.9,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:12.1x44:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B307477-C5F2-4D98-AF4C-640D326164C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:12.1x44:d10:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC405A12-112D-4C9D-90DA-6ED484109793\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:12.1x44:d15:*:*:*:*:*:*\",\"matchCriteriaId\":\"3FC42F2D-7593-4DBE-AE89-A6B78E7F9089\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:12.1x44:d20:*:*:*:*:*:*\",\"matchCriteriaId\":\"731A6469-3DE0-491A-BCC5-7642FB347ACE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:12.1x44:d25:*:*:*:*:*:*\",\"matchCriteriaId\":\"D12A8119-3E59-4062-9A04-1F6EA48B78E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:12.1x44:d30:*:*:*:*:*:*\",\"matchCriteriaId\":\"E8B33B80-3189-4412-BFE0-359E755AB07A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:12.1x44:d35:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0E8F87E-DEB2-4849-ABB5-75A67CFD2D39\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:12.1x44:d40:*:*:*:*:*:*\",\"matchCriteriaId\":\"BDE231CE-0D93-4293-8720-4CCEE2EA651E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:12.1x46:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CFB89F64-16BB-4A14-9084-B338668D7FF1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:12.1x46:d10:*:*:*:*:*:*\",\"matchCriteriaId\":\"A71742CF-50B1-44BB-AB7B-27E5DCC9CF70\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:12.1x46:d15:*:*:*:*:*:*\",\"matchCriteriaId\":\"4FD4237A-C257-4D8A-ABC4-9B2160530A4E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:12.1x46:d20:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A449C87-C5C3-48FE-9E46-64ED5DD5F193\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:12.1x47:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0BB3DE56-1B04-4A53-B4A4-93286FC98463\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:12.1x47:d10:*:*:*:*:*:*\",\"matchCriteriaId\":\"181C0D30-4476-48EE-A4A4-3B2461F4AC20\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:12.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E014A0D-0054-4EBA-BA1F-035B74BD822F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:12.3:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"371A7DF8-3F4B-439D-8990-D1BC6F0C25C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:12.3:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"7CC3BCFD-2B0F-4994-9FE4-9D37FA85F1E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:12.3:r3:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6F309FD-0A5A-4C86-B227-B2B511A5CEB4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:12.3:r4:*:*:*:*:*:*\",\"matchCriteriaId\":\"960059B5-0701-4B75-AB51-0A430247D9F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:12.3:r5:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D1DCA52-DA81-495B-B516-5571F01E3B0A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:12.3:r6:*:*:*:*:*:*\",\"matchCriteriaId\":\"05E187F6-BACD-4DD5-B393-B2FE4349053A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:12.3:r7:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C240840-A6BC-4E3D-A60D-22F08E67E2B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:12.3:r8:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC90563F-6BCB-4D77-8FD4-584E3A6C7741\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:13.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"71FB12AC-DB5A-444A-81E0-C0DDD06810EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:13.1:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"FCD4D8EB-8625-47CD-8F0E-D2FC8CAA5462\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:13.1:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0150A4C-2C5A-49FC-8FB3-B93CB45B8284\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:13.1:r3:*:*:*:*:*:*\",\"matchCriteriaId\":\"BFEB7A59-7536-4A92-A9C8-79FDE657B8AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:13.1:r4:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD9ADCD2-DC32-4724-8324-60246E8BC953\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:13.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CAB7D840-9469-4CE2-8DBF-017A44741374\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:13.2:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3A0A607-7D3C-4F2A-B5F5-576A70649CB1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:13.2:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"32E9620A-7C0A-474C-919E-13609FFE580D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:13.2:r3:*:*:*:*:*:*\",\"matchCriteriaId\":\"672D3A38-92B4-4F33-82A6-B2D3F3403AF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:13.2:r4:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5C24441-6E9D-4EF7-8903-A109A52340C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:13.2:r5:*:*:*:*:*:*\",\"matchCriteriaId\":\"7CB98C4F-617F-4F51-A86E-D1EBE2BDE583\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:13.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4AF5DAA-62F5-491F-A9CE-098970671D43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:13.3:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"3FF9FF91-9184-4D18-8288-9110E35F4AE5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:13.3:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F2E537B-9504-4912-B231-0D83F4459469\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:13.3:r3:*:*:*:*:*:*\",\"matchCriteriaId\":\"4BCB3837-DCBC-4997-B63E-E47957584709\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:13.3:r4:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C88E2B1-469B-442B-9FC0-7C9408CE3917\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:14.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6237291A-B861-4D53-B7AA-C53A44B76896\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:14.1:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C778627-820A-48F5-9680-0205D6DB5EB6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:14.1:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA7F03DC-73A2-4760-B386-2A57E9C97E65\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:14.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D59449C6-5BD5-4C07-AEF6-EEBC70D9C4C7\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/72077\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id/1031547\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10667\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/72077\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1031547\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10667\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…