Vulnerability-Lookup

CVE-2016-1278 (GCVE-0-2016-1278)

Vulnerability from cvelistv5 – Published: 2016-08-05 15:00 – Updated: 2024-08-05 22:48

Summary

Severity

No CVSS data available.

CWE

Assigner

mitre

References

3 references

URL	Tags
http://kb.juniper.net/InfoCenter/index?page=conte…	x_refsource_CONFIRM
http://www.securitytracker.com/id/1036307	vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/91757	vdb-entryx_refsource_BID

Date Public

2016-07-13 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:48:13.649Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10753"
          },
          {
            "name": "1036307",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036307"
          },
          {
            "name": "91757",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91757"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-07-13T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Juniper Junos OS before 12.1X46-D50 on SRX Series devices reverts to \"safe mode\" authentication and allows root CLI logins without a password after a failed upgrade to 12.1X46, which might allow local users to gain privileges by leveraging use of the \"request system software\" command with the \"partition\" option."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-08-05T14:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10753"
        },
        {
          "name": "1036307",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036307"
        },
        {
          "name": "91757",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/91757"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-1278",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Juniper Junos OS before 12.1X46-D50 on SRX Series devices reverts to \"safe mode\" authentication and allows root CLI logins without a password after a failed upgrade to 12.1X46, which might allow local users to gain privileges by leveraging use of the \"request system software\" command with the \"partition\" option."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10753",
              "refsource": "CONFIRM",
              "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10753"
            },
            {
              "name": "1036307",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036307"
            },
            {
              "name": "91757",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/91757"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-1278",
    "datePublished": "2016-08-05T15:00:00.000Z",
    "dateReserved": "2015-12-30T00:00:00.000Z",
    "dateUpdated": "2024-08-05T22:48:13.649Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2016-1278",
      "date": "2026-05-27",
      "epss": "0.00047",
      "percentile": "0.14739"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:*:d45:*:*:*:*:*:*\", \"versionEndIncluding\": \"12.1x46\", \"matchCriteriaId\": \"CE3C59EA-3089-4693-980B-46969B38DFD1\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Juniper Junos OS before 12.1X46-D50 on SRX Series devices reverts to \\\"safe mode\\\" authentication and allows root CLI logins without a password after a failed upgrade to 12.1X46, which might allow local users to gain privileges by leveraging use of the \\\"request system software\\\" command with the \\\"partition\\\" option.\"}, {\"lang\": \"es\", \"value\": \"Juniper Junos OS en versiones anteriores a 12.1X46-D50 en dispositivos SRX Series revierte a atenticaci\\u00f3n \\\"modo seguro\\\" y permite inicios de sesi\\u00f3n root CLI sin una contrase\\u00f1a despues de un fallo de actualizaci\\u00f3n a 12.1X46, lo que podr\\u00eda permitir a usuarios locales obtener privilegios aprovechando el uso del comando \\\"request system software\\\" con la opci\\u00f3n \\\"partition\\\".\"}]",
      "id": "CVE-2016-1278",
      "lastModified": "2024-11-21T02:46:05.767",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 6.9, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.4, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2016-08-05T15:59:05.537",
      "references": "[{\"url\": \"http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10753\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/91757\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1036307\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10753\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/91757\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1036307\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-287\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-1278\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2016-08-05T15:59:05.537\",\"lastModified\":\"2026-05-06T22:30:45.220\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Juniper Junos OS before 12.1X46-D50 on SRX Series devices reverts to \\\"safe mode\\\" authentication and allows root CLI logins without a password after a failed upgrade to 12.1X46, which might allow local users to gain privileges by leveraging use of the \\\"request system software\\\" command with the \\\"partition\\\" option.\"},{\"lang\":\"es\",\"value\":\"Juniper Junos OS en versiones anteriores a 12.1X46-D50 en dispositivos SRX Series revierte a atenticaci\u00f3n \\\"modo seguro\\\" y permite inicios de sesi\u00f3n root CLI sin una contrase\u00f1a despues de un fallo de actualizaci\u00f3n a 12.1X46, lo que podr\u00eda permitir a usuarios locales obtener privilegios aprovechando el uso del comando \\\"request system software\\\" con la opci\u00f3n \\\"partition\\\".\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":6.9,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:*:d45:*:*:*:*:*:*\",\"versionEndIncluding\":\"12.1x46\",\"matchCriteriaId\":\"CE3C59EA-3089-4693-980B-46969B38DFD1\"}]}]}],\"references\":[{\"url\":\"http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10753\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/91757\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1036307\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10753\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/91757\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1036307\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}

CERTFR-2016-AVI-236

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans Juniper Junos OS. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Juniper Junos OS

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

CERTFR-2016-AVI-236

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Juniper Junos OS

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

CNVD-2016-05051

Vulnerability from cnvd - Published: 2016-07-21

Title

Juniper Junos本地身份验证绕过漏洞

Description

Juniper Junos是一套专用于该公司的硬件系统的网络操作系统。 Juniper Junos存在安全漏洞，允许本地攻击者可利用该漏洞提交特殊请求绕过身份验证机制，执行未授权操作。

Severity

低

Patch Name

Juniper Junos本地身份验证绕过漏洞的补丁

Patch Description

Juniper Junos是一套专用于该公司的硬件系统的网络操作系统。 Juniper Junos存在安全漏洞，允许本地攻击者可利用该漏洞提交特殊请求绕过身份验证机制，执行未授权操作。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下厂商提供的安全补丁以修复该漏洞： http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10753&cat=SIRT_1&actp=LIST

Reference

http://www.securityfocus.com/bid/91757

Impacted products

Name
Juniper Networks JUNOS >12.1X46，<12.1X46-D50

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "91757"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-1278"
    }
  },
  "description": "Juniper Junos\u662f\u4e00\u5957\u4e13\u7528\u4e8e\u8be5\u516c\u53f8\u7684\u786c\u4ef6\u7cfb\u7edf\u7684\u7f51\u7edc\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nJuniper Junos\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u8bf7\u6c42\u7ed5\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u673a\u5236\uff0c\u6267\u884c\u672a\u6388\u6743\u64cd\u4f5c\u3002",
  "discovererName": "Juniper Networks",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttp://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10753\u0026cat=SIRT_1\u0026actp=LIST",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-05051",
  "openTime": "2016-07-21",
  "patchDescription": "Juniper Junos\u662f\u4e00\u5957\u4e13\u7528\u4e8e\u8be5\u516c\u53f8\u7684\u786c\u4ef6\u7cfb\u7edf\u7684\u7f51\u7edc\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nJuniper Junos\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u8bf7\u6c42\u7ed5\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u673a\u5236\uff0c\u6267\u884c\u672a\u6388\u6743\u64cd\u4f5c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Juniper Junos\u672c\u5730\u8eab\u4efd\u9a8c\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Juniper Networks JUNOS \u003e12.1X46\uff0c\u003c12.1X46-D50"
  },
  "referenceLink": "http://www.securityfocus.com/bid/91757",
  "serverity": "\u4f4e",
  "submitTime": "2016-07-17",
  "title": "Juniper Junos\u672c\u5730\u8eab\u4efd\u9a8c\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e"
}

FKIE_CVE-2016-1278

Vulnerability from fkie_nvd - Published: 2016-08-05 15:59 - Updated: 2026-05-06 22:30

Severity

7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
cve@mitre.org	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10753	Mitigation, Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/91757	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securitytracker.com/id/1036307	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10753	Mitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/91757	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1036307	Third Party Advisory, VDB Entry

Impacted products

	Vendor	Product	Version
	juniper	junos	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:juniper:junos:*:d45:*:*:*:*:*:*",
              "matchCriteriaId": "CE3C59EA-3089-4693-980B-46969B38DFD1",
              "versionEndIncluding": "12.1x46",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Juniper Junos OS before 12.1X46-D50 on SRX Series devices reverts to \"safe mode\" authentication and allows root CLI logins without a password after a failed upgrade to 12.1X46, which might allow local users to gain privileges by leveraging use of the \"request system software\" command with the \"partition\" option."
    },
    {
      "lang": "es",
      "value": "Juniper Junos OS en versiones anteriores a 12.1X46-D50 en dispositivos SRX Series revierte a atenticaci\u00f3n \"modo seguro\" y permite inicios de sesi\u00f3n root CLI sin una contrase\u00f1a despues de un fallo de actualizaci\u00f3n a 12.1X46, lo que podr\u00eda permitir a usuarios locales obtener privilegios aprovechando el uso del comando \"request system software\" con la opci\u00f3n \"partition\"."
    }
  ],
  "id": "CVE-2016-1278",
  "lastModified": "2026-05-06T22:30:45.220",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.9,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-08-05T15:59:05.537",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10753"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/91757"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1036307"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10753"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/91757"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1036307"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-HRRQ-73FQ-JH5M

Vulnerability from github – Published: 2022-05-17 03:50 – Updated: 2022-05-17 03:50

Details

Severity

7.8 (High)


                  
                    CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-1278"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-08-05T15:59:00Z",
    "severity": "HIGH"
  },
  "details": "Juniper Junos OS before 12.1X46-D50 on SRX Series devices reverts to \"safe mode\" authentication and allows root CLI logins without a password after a failed upgrade to 12.1X46, which might allow local users to gain privileges by leveraging use of the \"request system software\" command with the \"partition\" option.",
  "id": "GHSA-hrrq-73fq-jh5m",
  "modified": "2022-05-17T03:50:32Z",
  "published": "2022-05-17T03:50:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1278"
    },
    {
      "type": "WEB",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10753"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/91757"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1036307"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2016-1278

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2016-1278

Aliases

CVE-2016-1278

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-1278",
    "description": "Juniper Junos OS before 12.1X46-D50 on SRX Series devices reverts to \"safe mode\" authentication and allows root CLI logins without a password after a failed upgrade to 12.1X46, which might allow local users to gain privileges by leveraging use of the \"request system software\" command with the \"partition\" option.",
    "id": "GSD-2016-1278"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-1278"
      ],
      "details": "Juniper Junos OS before 12.1X46-D50 on SRX Series devices reverts to \"safe mode\" authentication and allows root CLI logins without a password after a failed upgrade to 12.1X46, which might allow local users to gain privileges by leveraging use of the \"request system software\" command with the \"partition\" option.",
      "id": "GSD-2016-1278",
      "modified": "2023-12-13T01:21:24.945654Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2016-1278",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Juniper Junos OS before 12.1X46-D50 on SRX Series devices reverts to \"safe mode\" authentication and allows root CLI logins without a password after a failed upgrade to 12.1X46, which might allow local users to gain privileges by leveraging use of the \"request system software\" command with the \"partition\" option."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10753",
            "refsource": "CONFIRM",
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10753"
          },
          {
            "name": "1036307",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1036307"
          },
          {
            "name": "91757",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/91757"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:*:d45:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "12.1x46",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-1278"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Juniper Junos OS before 12.1X46-D50 on SRX Series devices reverts to \"safe mode\" authentication and allows root CLI logins without a password after a failed upgrade to 12.1X46, which might allow local users to gain privileges by leveraging use of the \"request system software\" command with the \"partition\" option."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-287"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10753",
              "refsource": "CONFIRM",
              "tags": [
                "Mitigation",
                "Vendor Advisory"
              ],
              "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10753"
            },
            {
              "name": "91757",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/91757"
            },
            {
              "name": "1036307",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1036307"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2016-08-12T13:41Z",
      "publishedDate": "2016-08-05T15:59Z"
    }
  }
}

VAR-201608-0004

Vulnerability from variot - Updated: 2023-12-18 12:05

Juniper Junos OS before 12.1X46-D50 on SRX Series devices reverts to "safe mode" authentication and allows root CLI logins without a password after a failed upgrade to 12.1X46, which might allow local users to gain privileges by leveraging use of the "request system software" command with the "partition" option. Juniper Junos is prone to a local authentication-bypass vulnerability. A local attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. Juniper Junos versions 12.1X46 prior to 12.1X46-D50 are vulnerable. Juniper Junos OS on SRX Series devices is a network operating system developed by Juniper Networks (Juniper Networks) running on SRX series service gateway devices. The operating system provides a secure programming interface and Junos SDK. A security vulnerability exists in Juniper Junos OS prior to 12.1X46-D50 on SRX Series devices

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201608-0004",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "junos",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "juniper",
        "version": "12.1x46"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "juniper",
        "version": "12.1x46"
      },
      {
        "model": "junos os",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "12.1x46-d50"
      },
      {
        "model": "junos 12.1x46-d45",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1x46-d40",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1x46-d36",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1x46-d35",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1x46-d30",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1x46-d26",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1x46-d25",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1x46-d20.5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1x46-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1x46-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1x46-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos d25",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x46"
      },
      {
        "model": "junos d20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x46"
      },
      {
        "model": "junos d15",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x46"
      },
      {
        "model": "junos d10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x46"
      },
      {
        "model": "junos -d10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x46"
      },
      {
        "model": "junos 12.1x46-d50",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "91757"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004368"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1278"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-421"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:*:d45:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "12.1x46",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-1278"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "91757"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2016-1278",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.4,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 6.9,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2016-1278",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.4,
            "id": "VHN-90097",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2016-1278",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-1278",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201607-421",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-90097",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2016-1278",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90097"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-1278"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004368"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1278"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-421"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Juniper Junos OS before 12.1X46-D50 on SRX Series devices reverts to \"safe mode\" authentication and allows root CLI logins without a password after a failed upgrade to 12.1X46, which might allow local users to gain privileges by leveraging use of the \"request system software\" command with the \"partition\" option. Juniper Junos is prone to a local authentication-bypass vulnerability. \nA local attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. \nJuniper Junos versions 12.1X46 prior to 12.1X46-D50 are vulnerable. Juniper Junos OS on SRX Series devices is a network operating system developed by Juniper Networks (Juniper Networks) running on SRX series service gateway devices. The operating system provides a secure programming interface and Junos SDK. A security vulnerability exists in Juniper Junos OS prior to 12.1X46-D50 on SRX Series devices",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-1278"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004368"
      },
      {
        "db": "BID",
        "id": "91757"
      },
      {
        "db": "VULHUB",
        "id": "VHN-90097"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-1278"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-1278",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "91757",
        "trust": 2.1
      },
      {
        "db": "JUNIPER",
        "id": "JSA10753",
        "trust": 2.1
      },
      {
        "db": "SECTRACK",
        "id": "1036307",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004368",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-421",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-90097",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-1278",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90097"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-1278"
      },
      {
        "db": "BID",
        "id": "91757"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004368"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1278"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-421"
      }
    ]
  },
  "id": "VAR-201608-0004",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90097"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:05:46.282000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "JSA10753",
        "trust": 0.8,
        "url": "https://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10753\u0026actp=search"
      },
      {
        "title": "Juniper Junos Local authentication bypass vulnerability fixes",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=62964"
      },
      {
        "title": null,
        "trust": 0.2,
        "url": "https://www.theregister.co.uk/2016/07/14/junipers_bug_hunters_fire_out_eight_patches/"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-1278"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004368"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-421"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-287",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90097"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004368"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1278"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/91757"
      },
      {
        "trust": 1.8,
        "url": "http://www.securitytracker.com/id/1036307"
      },
      {
        "trust": 1.7,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10753"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1278"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1278"
      },
      {
        "trust": 0.3,
        "url": "http://www.juniper.net/"
      },
      {
        "trust": 0.3,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10753\u0026cat=sirt_1\u0026actp=list"
      },
      {
        "trust": 0.1,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10753"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/287.html"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=47144"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90097"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-1278"
      },
      {
        "db": "BID",
        "id": "91757"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004368"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1278"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-421"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-90097"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-1278"
      },
      {
        "db": "BID",
        "id": "91757"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004368"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1278"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-421"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-08-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-90097"
      },
      {
        "date": "2016-08-05T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-1278"
      },
      {
        "date": "2016-07-13T00:00:00",
        "db": "BID",
        "id": "91757"
      },
      {
        "date": "2016-08-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-004368"
      },
      {
        "date": "2016-08-05T15:59:05.537000",
        "db": "NVD",
        "id": "CVE-2016-1278"
      },
      {
        "date": "2016-07-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201607-421"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-08-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-90097"
      },
      {
        "date": "2016-08-12T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-1278"
      },
      {
        "date": "2016-07-13T00:00:00",
        "db": "BID",
        "id": "91757"
      },
      {
        "date": "2016-08-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-004368"
      },
      {
        "date": "2016-08-12T13:41:01.417000",
        "db": "NVD",
        "id": "CVE-2016-1278"
      },
      {
        "date": "2016-08-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201607-421"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "91757"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-421"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Juniper SRX Runs on series devices  Junos OS Vulnerability gained in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004368"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "authorization issue",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-421"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-1278 (GCVE-0-2016-1278)

CERTFR-2016-AVI-236

Solution

CERTFR-2016-AVI-236

Solution

CNVD-2016-05051

FKIE_CVE-2016-1278

GHSA-HRRQ-73FQ-JH5M

GSD-2016-1278

VAR-201608-0004

Tags

Sightings

Nomenclature