var-201608-0004
Vulnerability from variot
Juniper Junos OS before 12.1X46-D50 on SRX Series devices reverts to "safe mode" authentication and allows root CLI logins without a password after a failed upgrade to 12.1X46, which might allow local users to gain privileges by leveraging use of the "request system software" command with the "partition" option. Juniper Junos is prone to a local authentication-bypass vulnerability. A local attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. Juniper Junos versions 12.1X46 prior to 12.1X46-D50 are vulnerable. Juniper Junos OS on SRX Series devices is a network operating system developed by Juniper Networks (Juniper Networks) running on SRX series service gateway devices. The operating system provides a secure programming interface and Junos SDK. A security vulnerability exists in Juniper Junos OS prior to 12.1X46-D50 on SRX Series devices
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201608-0004",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "junos",
"scope": "lte",
"trust": 1.0,
"vendor": "juniper",
"version": "12.1x46"
},
{
"model": "junos",
"scope": "eq",
"trust": 0.9,
"vendor": "juniper",
"version": "12.1x46"
},
{
"model": "junos os",
"scope": "lt",
"trust": 0.8,
"vendor": "juniper",
"version": "12.1x46-d50"
},
{
"model": "junos 12.1x46-d45",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x46-d40",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x46-d36",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x46-d35",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x46-d30",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x46-d26",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x46-d25",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x46-d20.5",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x46-d20",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x46-d15",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x46-d10",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos d25",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "12.1x46"
},
{
"model": "junos d20",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "12.1x46"
},
{
"model": "junos d15",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "12.1x46"
},
{
"model": "junos d10",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "12.1x46"
},
{
"model": "junos -d10",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "12.1x46"
},
{
"model": "junos 12.1x46-d50",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "91757"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004368"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-421"
},
{
"db": "NVD",
"id": "CVE-2016-1278"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:juniper:junos",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004368"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "91757"
}
],
"trust": 0.3
},
"cve": "CVE-2016-1278",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "CVE-2016-1278",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "VHN-90097",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2016-1278",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-1278",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-1278",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201607-421",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-90097",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2016-1278",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90097"
},
{
"db": "VULMON",
"id": "CVE-2016-1278"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004368"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-421"
},
{
"db": "NVD",
"id": "CVE-2016-1278"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Juniper Junos OS before 12.1X46-D50 on SRX Series devices reverts to \"safe mode\" authentication and allows root CLI logins without a password after a failed upgrade to 12.1X46, which might allow local users to gain privileges by leveraging use of the \"request system software\" command with the \"partition\" option. Juniper Junos is prone to a local authentication-bypass vulnerability. \nA local attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. \nJuniper Junos versions 12.1X46 prior to 12.1X46-D50 are vulnerable. Juniper Junos OS on SRX Series devices is a network operating system developed by Juniper Networks (Juniper Networks) running on SRX series service gateway devices. The operating system provides a secure programming interface and Junos SDK. A security vulnerability exists in Juniper Junos OS prior to 12.1X46-D50 on SRX Series devices",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1278"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004368"
},
{
"db": "BID",
"id": "91757"
},
{
"db": "VULHUB",
"id": "VHN-90097"
},
{
"db": "VULMON",
"id": "CVE-2016-1278"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-1278",
"trust": 2.9
},
{
"db": "BID",
"id": "91757",
"trust": 2.1
},
{
"db": "JUNIPER",
"id": "JSA10753",
"trust": 2.1
},
{
"db": "SECTRACK",
"id": "1036307",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004368",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201607-421",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-90097",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-1278",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90097"
},
{
"db": "VULMON",
"id": "CVE-2016-1278"
},
{
"db": "BID",
"id": "91757"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004368"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-421"
},
{
"db": "NVD",
"id": "CVE-2016-1278"
}
]
},
"id": "VAR-201608-0004",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-90097"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T23:02:33.897000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "JSA10753",
"trust": 0.8,
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10753\u0026actp=search"
},
{
"title": "Juniper Junos Local authentication bypass vulnerability fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=62964"
},
{
"title": null,
"trust": 0.2,
"url": "https://www.theregister.co.uk/2016/07/14/junipers_bug_hunters_fire_out_eight_patches/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-1278"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004368"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-421"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90097"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004368"
},
{
"db": "NVD",
"id": "CVE-2016-1278"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/91757"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1036307"
},
{
"trust": 1.7,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10753"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1278"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1278"
},
{
"trust": 0.3,
"url": "http://www.juniper.net/"
},
{
"trust": 0.3,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10753\u0026cat=sirt_1\u0026actp=list"
},
{
"trust": 0.1,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10753"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/287.html"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=47144"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90097"
},
{
"db": "VULMON",
"id": "CVE-2016-1278"
},
{
"db": "BID",
"id": "91757"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004368"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-421"
},
{
"db": "NVD",
"id": "CVE-2016-1278"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-90097"
},
{
"db": "VULMON",
"id": "CVE-2016-1278"
},
{
"db": "BID",
"id": "91757"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004368"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-421"
},
{
"db": "NVD",
"id": "CVE-2016-1278"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-08-05T00:00:00",
"db": "VULHUB",
"id": "VHN-90097"
},
{
"date": "2016-08-05T00:00:00",
"db": "VULMON",
"id": "CVE-2016-1278"
},
{
"date": "2016-07-13T00:00:00",
"db": "BID",
"id": "91757"
},
{
"date": "2016-08-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004368"
},
{
"date": "2016-07-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-421"
},
{
"date": "2016-08-05T15:59:05.537000",
"db": "NVD",
"id": "CVE-2016-1278"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-08-12T00:00:00",
"db": "VULHUB",
"id": "VHN-90097"
},
{
"date": "2016-08-12T00:00:00",
"db": "VULMON",
"id": "CVE-2016-1278"
},
{
"date": "2016-07-13T00:00:00",
"db": "BID",
"id": "91757"
},
{
"date": "2016-08-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004368"
},
{
"date": "2016-08-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-421"
},
{
"date": "2024-11-21T02:46:05.767000",
"db": "NVD",
"id": "CVE-2016-1278"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "91757"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-421"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Juniper SRX Runs on series devices Junos OS Vulnerability gained in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004368"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201607-421"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…