fkie_cve-2014-6448
Vulnerability from fkie_nvd
Published
2020-01-15 18:15
Modified
2024-11-21 02:14
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Juniper Junos OS 13.2 before 13.2R5, 13.2X51, 13.2X52, and 13.3 before 13.3R3 allow local users to bypass intended restrictions and execute arbitrary Python code via vectors involving shell access.
References
cve@mitre.orghttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10695Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10695Vendor Advisory
Impacted products
Vendor Product Version
juniper junos 13.2
juniper junos 13.2
juniper junos 13.2
juniper junos 13.2
juniper junos 13.2
juniper junos 13.2x51
juniper junos 13.2x52
juniper junos 13.3
juniper junos 13.3
juniper junos 13.3


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:juniper:junos:13.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "931D77A8-FA39-479E-91DB-CDDC9113252B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:13.2:r1:*:*:*:*:*:*",
              "matchCriteriaId": "D3A0A607-7D3C-4F2A-B5F5-576A70649CB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:13.2:r2:*:*:*:*:*:*",
              "matchCriteriaId": "32E9620A-7C0A-474C-919E-13609FFE580D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:13.2:r3:*:*:*:*:*:*",
              "matchCriteriaId": "672D3A38-92B4-4F33-82A6-B2D3F3403AF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:13.2:r4:*:*:*:*:*:*",
              "matchCriteriaId": "F5C24441-6E9D-4EF7-8903-A109A52340C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:13.2x51:-:*:*:*:*:*:*",
              "matchCriteriaId": "2977373F-A77A-4726-8134-D0817F393F65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:13.2x52:-:*:*:*:*:*:*",
              "matchCriteriaId": "F3029F46-3176-496C-B91D-24DD3D76E32F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:13.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "FE2FBBA2-6185-463F-96D3-9AB2C778B4F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:13.3:r1:*:*:*:*:*:*",
              "matchCriteriaId": "3FF9FF91-9184-4D18-8288-9110E35F4AE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:13.3:r2:*:*:*:*:*:*",
              "matchCriteriaId": "0F2E537B-9504-4912-B231-0D83F4459469",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Juniper Junos OS 13.2 before 13.2R5, 13.2X51, 13.2X52, and 13.3 before 13.3R3 allow local users to bypass intended restrictions and execute arbitrary Python code via vectors involving shell access."
    },
    {
      "lang": "es",
      "value": "Juniper Junos OS versi\u00f3n 13.2 anteriores a 13.2R5, versiones 13.2X51, 13.2X52 y versi\u00f3n 13.3  anteriores a 13.3R3, permiten a usuarios locales omitir las restricciones previstas y ejecutar c\u00f3digo de Python arbitrario por medio de vectores que involucran el acceso de shell."
    }
  ],
  "id": "CVE-2014-6448",
  "lastModified": "2024-11-21T02:14:24.297",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-01-15T18:15:11.540",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10695"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10695"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.