CVE-2014-6384

Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D25, 12.1X47 before 12.1X47-D15, 12.3 before 12.3R9, 13.1 before 13.1R4-S3, 13.2 before 13.2R6, 13.3 before 13.3R5, 14.1 before 14.1R3, and 14.2 before 14.2R1 does not properly handle double quotes in authorization attributes in the TACACS+ configuration, which allows local users to bypass the security policy and execute commands via unspecified vectors.

CVSS v2.0 6.9 MEDIUM

6.9^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 3.4 / Impact : 10.0

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10667	Vendor Advisory
http://www.securityfocus.com/bid/72077
http://www.securitytracker.com/id/1031547

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:juniper:junos:12.1x47:::::::*
	cpe:2.3:o:juniper:junos:12.1x47:d10::::::
	cpe:2.3:o:juniper:junos:12.3:::::::*
	cpe:2.3:o:juniper:junos:12.3:r1::::::
	cpe:2.3:o:juniper:junos:13.2:r1::::::
	cpe:2.3:o:juniper:junos:13.2:r2::::::
	cpe:2.3:o:juniper:junos:13.2:r3::::::
	cpe:2.3:o:juniper:junos:13.2:r4::::::
	cpe:2.3:o:juniper:junos:12.1x44:d20::::::
	cpe:2.3:o:juniper:junos:12.1x44:d15::::::
	cpe:2.3:o:juniper:junos:12.1x44:d10::::::
	cpe:2.3:o:juniper:junos:14.1:r1::::::
	cpe:2.3:o:juniper:junos:13.3:r4::::::
	cpe:2.3:o:juniper:junos:14.1:::::::*
	cpe:2.3:o:juniper:junos:13.3:::::::*
	cpe:2.3:o:juniper:junos:12.3:r2::::::
	cpe:2.3:o:juniper:junos:13.1:r2::::::
	cpe:2.3:o:juniper:junos:12.3:r4::::::
	cpe:2.3:o:juniper:junos:13.1:::::::*
	cpe:2.3:o:juniper:junos:12.3:r7::::::
	cpe:2.3:o:juniper:junos:12.3:r6::::::
	cpe:2.3:o:juniper:junos:13.1:r1::::::
	cpe:2.3:o:juniper:junos:13.1:r4::::::
	cpe:2.3:o:juniper:junos:12.1x44:d40::::::
	cpe:2.3:o:juniper:junos:13.3:r2::::::
	cpe:2.3:o:juniper:junos:14.1:r2::::::
	cpe:2.3:o:juniper:junos:12.1x44:d30::::::
	cpe:2.3:o:juniper:junos:12.1x44:::::::*
	cpe:2.3:o:juniper:junos:12.1x44:d35::::::
	cpe:2.3:o:juniper:junos:12.1x46:d20::::::
	cpe:2.3:o:juniper:junos:13.3:r3::::::
	cpe:2.3:o:juniper:junos:12.3:r8::::::
	cpe:2.3:o:juniper:junos:12.1x46:d10::::::
	cpe:2.3:o:juniper:junos:13.3:r1::::::
	cpe:2.3:o:juniper:junos:13.1:r3::::::
	cpe:2.3:o:juniper:junos:13.2:::::::*
	cpe:2.3:o:juniper:junos:12.1x46:::::::*
	cpe:2.3:o:juniper:junos:14.2:::::::*
	cpe:2.3:o:juniper:junos:13.2:r5::::::
	cpe:2.3:o:juniper:junos:12.3:r5::::::
	cpe:2.3:o:juniper:junos:12.3:r3::::::
	cpe:2.3:o:juniper:junos:12.1x44:d25::::::
	cpe:2.3:o:juniper:junos:12.1x46:d15::::::

Information

Published : 2015-01-16 08:59

Updated : 2015-01-26 11:35

NVD link : CVE-2014-6384

Mitre link : CVE-2014-6384

JSON object : View

CWE

CWE-264

Permissions, Privileges, and Access Controls

Products Affected

juniper

junos

6.9 /10