fkie_nvd - fkie_cve-2014-6384

fkie_cve-2014-6384

Vulnerability from fkie_nvd

Published

2015-01-16 16:59

Modified

2025-04-12 10:46

Severity ?

Summary

Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D25, 12.1X47 before 12.1X47-D15, 12.3 before 12.3R9, 13.1 before 13.1R4-S3, 13.2 before 13.2R6, 13.3 before 13.3R5, 14.1 before 14.1R3, and 14.2 before 14.2R1 does not properly handle double quotes in authorization attributes in the TACACS+ configuration, which allows local users to bypass the security policy and execute commands via unspecified vectors.

References

URL	Tags
cve@mitre.org	http://www.securityfocus.com/bid/72077
cve@mitre.org	http://www.securitytracker.com/id/1031547
cve@mitre.org	https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10667	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/72077
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1031547
af854a3a-2127-422b-91ae-364da2661108	https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10667	Vendor Advisory

Impacted products

Vendor	Product	Version
juniper	junos	12.1x44
juniper	junos	12.1x44
juniper	junos	12.1x44
juniper	junos	12.1x44
juniper	junos	12.1x44
juniper	junos	12.1x44
juniper	junos	12.1x44
juniper	junos	12.1x44
juniper	junos	12.1x46
juniper	junos	12.1x46
juniper	junos	12.1x46
juniper	junos	12.1x46
juniper	junos	12.1x47
juniper	junos	12.1x47
juniper	junos	12.3
juniper	junos	12.3
juniper	junos	12.3
juniper	junos	12.3
juniper	junos	12.3
juniper	junos	12.3
juniper	junos	12.3
juniper	junos	12.3
juniper	junos	12.3
juniper	junos	13.1
juniper	junos	13.1
juniper	junos	13.1
juniper	junos	13.1
juniper	junos	13.1
juniper	junos	13.2
juniper	junos	13.2
juniper	junos	13.2
juniper	junos	13.2
juniper	junos	13.2
juniper	junos	13.2
juniper	junos	13.3
juniper	junos	13.3
juniper	junos	13.3
juniper	junos	13.3
juniper	junos	13.3
juniper	junos	14.1
juniper	junos	14.1
juniper	junos	14.1
juniper	junos	14.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x44:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B307477-C5F2-4D98-AF4C-640D326164C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x44:d10:*:*:*:*:*:*",
              "matchCriteriaId": "AC405A12-112D-4C9D-90DA-6ED484109793",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x44:d15:*:*:*:*:*:*",
              "matchCriteriaId": "3FC42F2D-7593-4DBE-AE89-A6B78E7F9089",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x44:d20:*:*:*:*:*:*",
              "matchCriteriaId": "731A6469-3DE0-491A-BCC5-7642FB347ACE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x44:d25:*:*:*:*:*:*",
              "matchCriteriaId": "D12A8119-3E59-4062-9A04-1F6EA48B78E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x44:d30:*:*:*:*:*:*",
              "matchCriteriaId": "E8B33B80-3189-4412-BFE0-359E755AB07A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x44:d35:*:*:*:*:*:*",
              "matchCriteriaId": "C0E8F87E-DEB2-4849-ABB5-75A67CFD2D39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x44:d40:*:*:*:*:*:*",
              "matchCriteriaId": "BDE231CE-0D93-4293-8720-4CCEE2EA651E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x46:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFB89F64-16BB-4A14-9084-B338668D7FF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x46:d10:*:*:*:*:*:*",
              "matchCriteriaId": "A71742CF-50B1-44BB-AB7B-27E5DCC9CF70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x46:d15:*:*:*:*:*:*",
              "matchCriteriaId": "4FD4237A-C257-4D8A-ABC4-9B2160530A4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x46:d20:*:*:*:*:*:*",
              "matchCriteriaId": "5A449C87-C5C3-48FE-9E46-64ED5DD5F193",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x47:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BB3DE56-1B04-4A53-B4A4-93286FC98463",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x47:d10:*:*:*:*:*:*",
              "matchCriteriaId": "181C0D30-4476-48EE-A4A4-3B2461F4AC20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E014A0D-0054-4EBA-BA1F-035B74BD822F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.3:r1:*:*:*:*:*:*",
              "matchCriteriaId": "371A7DF8-3F4B-439D-8990-D1BC6F0C25C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.3:r2:*:*:*:*:*:*",
              "matchCriteriaId": "7CC3BCFD-2B0F-4994-9FE4-9D37FA85F1E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.3:r3:*:*:*:*:*:*",
              "matchCriteriaId": "C6F309FD-0A5A-4C86-B227-B2B511A5CEB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.3:r4:*:*:*:*:*:*",
              "matchCriteriaId": "960059B5-0701-4B75-AB51-0A430247D9F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.3:r5:*:*:*:*:*:*",
              "matchCriteriaId": "1D1DCA52-DA81-495B-B516-5571F01E3B0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.3:r6:*:*:*:*:*:*",
              "matchCriteriaId": "05E187F6-BACD-4DD5-B393-B2FE4349053A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.3:r7:*:*:*:*:*:*",
              "matchCriteriaId": "3C240840-A6BC-4E3D-A60D-22F08E67E2B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.3:r8:*:*:*:*:*:*",
              "matchCriteriaId": "CC90563F-6BCB-4D77-8FD4-584E3A6C7741",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "71FB12AC-DB5A-444A-81E0-C0DDD06810EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:13.1:r1:*:*:*:*:*:*",
              "matchCriteriaId": "FCD4D8EB-8625-47CD-8F0E-D2FC8CAA5462",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:13.1:r2:*:*:*:*:*:*",
              "matchCriteriaId": "A0150A4C-2C5A-49FC-8FB3-B93CB45B8284",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:13.1:r3:*:*:*:*:*:*",
              "matchCriteriaId": "BFEB7A59-7536-4A92-A9C8-79FDE657B8AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:13.1:r4:*:*:*:*:*:*",
              "matchCriteriaId": "AD9ADCD2-DC32-4724-8324-60246E8BC953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAB7D840-9469-4CE2-8DBF-017A44741374",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:13.2:r1:*:*:*:*:*:*",
              "matchCriteriaId": "D3A0A607-7D3C-4F2A-B5F5-576A70649CB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:13.2:r2:*:*:*:*:*:*",
              "matchCriteriaId": "32E9620A-7C0A-474C-919E-13609FFE580D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:13.2:r3:*:*:*:*:*:*",
              "matchCriteriaId": "672D3A38-92B4-4F33-82A6-B2D3F3403AF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:13.2:r4:*:*:*:*:*:*",
              "matchCriteriaId": "F5C24441-6E9D-4EF7-8903-A109A52340C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:13.2:r5:*:*:*:*:*:*",
              "matchCriteriaId": "7CB98C4F-617F-4F51-A86E-D1EBE2BDE583",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:13.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4AF5DAA-62F5-491F-A9CE-098970671D43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:13.3:r1:*:*:*:*:*:*",
              "matchCriteriaId": "3FF9FF91-9184-4D18-8288-9110E35F4AE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:13.3:r2:*:*:*:*:*:*",
              "matchCriteriaId": "0F2E537B-9504-4912-B231-0D83F4459469",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:13.3:r3:*:*:*:*:*:*",
              "matchCriteriaId": "4BCB3837-DCBC-4997-B63E-E47957584709",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:13.3:r4:*:*:*:*:*:*",
              "matchCriteriaId": "6C88E2B1-469B-442B-9FC0-7C9408CE3917",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6237291A-B861-4D53-B7AA-C53A44B76896",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:14.1:r1:*:*:*:*:*:*",
              "matchCriteriaId": "9C778627-820A-48F5-9680-0205D6DB5EB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:14.1:r2:*:*:*:*:*:*",
              "matchCriteriaId": "FA7F03DC-73A2-4760-B386-2A57E9C97E65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:14.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D59449C6-5BD5-4C07-AEF6-EEBC70D9C4C7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D25, 12.1X47 before 12.1X47-D15, 12.3 before 12.3R9, 13.1 before 13.1R4-S3, 13.2 before 13.2R6, 13.3 before 13.3R5, 14.1 before 14.1R3, and 14.2 before 14.2R1 does not properly handle double quotes in authorization attributes in the TACACS+ configuration, which allows local users to bypass the security policy and execute commands via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Juniper Junos 12.1X44 anterior a 12.1X44-D45, 12.1X46 anterior a 12.1X46-D25, 12.1X47 anterior a 12.1X47-D15, 12.3 anterior a 12.3R9, 13.1 anterior a 13.1R4-S3, 13.2 anterior a 13.2R6, 13.3 anterior a 13.3R5, 14.1anterior a 14.1R3, y 14.2 anterior a 14.2R1 no maneja correctamente las comillas dobles en los atributos de autorizaci\u00f3n en la configuraci\u00f3n TACACS+, lo que permite a usuarios locales evadir la pol\u00edtica de seguridad y ejecutar comandos a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2014-6384",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.9,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-01-16T16:59:05.343",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/72077"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1031547"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10667"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/72077"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1031547"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10667"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2014-6384 (GCVE-0-2014-6384)

Vulnerability from cvelistv5

Published

2015-01-16 16:00