CVE-2016-1280

PKId in Juniper Junos OS before 12.1X44-D52, 12.1X46 before 12.1X46-D37, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R12, 12.3X48 before 12.3X48-D20, 13.3 before 13.3R10, 14.1 before 14.1R8, 14.1X53 before 14.1X53-D40, 14.2 before 14.2R7, 15.1 before 15.1R4, 15.1X49 before 15.1X49-D20, 15.1X53 before 15.1X53-D60, and 16.1 before 16.1R1 allow remote attackers to bypass an intended certificate validation mechanism via a self-signed certificate with an Issuer name that matches a valid CA certificate enrolled in Junos.

CVSS v3.0 6.5 MEDIUM
CVSS v2.0 6.4 MEDIUM

6.5^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Exploitability : 3.9 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

6.4^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:N

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10755	Vendor Advisory
http://www.securityfocus.com/bid/91761
http://www.securitytracker.com/id/1036303

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:juniper:junos:15.1x53:d34::::::
	cpe:2.3:o:juniper:junos:15.1x53:d33::::::
	cpe:2.3:o:juniper:junos:15.1:r3::::::
	cpe:2.3:o:juniper:junos:14.1x53:d35::::::
	cpe:2.3:o:juniper:junos:14.2:r5::::::
	cpe:2.3:o:juniper:junos:14.2:r6::::::
	cpe:2.3:o:juniper:junos:14.1x53:d25::::::
	cpe:2.3:o:juniper:junos:14.1x53:d26::::::
	cpe:2.3:o:juniper:junos:14.1:r3::::::
	cpe:2.3:o:juniper:junos:14.1:r4::::::
	cpe:2.3:o:juniper:junos:13.3:r3::::::
	cpe:2.3:o:juniper:junos:13.3:r4::::::
	cpe:2.3:o:juniper:junos:13.3:r5::::::
	cpe:2.3:o:juniper:junos:12.3:r11::::::
	cpe:2.3:o:juniper:junos:12.3:r2::::::
	cpe:2.3:o:juniper:junos:12.3:r9::::::
	cpe:2.3:o:juniper:junos:14.1x53:d30::::::
	cpe:2.3:o:juniper:junos:12.3x48:d15::::::
	cpe:2.3:o:juniper:junos:15.1x53:d30::::::
	cpe:2.3:o:juniper:junos:12.3:r1::::::
	cpe:2.3:o:juniper:junos:14.1x53:d27::::::
	cpe:2.3:o:juniper:junos:12.1x46:::::::*
	cpe:2.3:o:juniper:junos:15.1:r2::::::
	cpe:2.3:o:juniper:junos:12.3:r10::::::
	cpe:2.3:o:juniper:junos:14.1:r6::::::
	cpe:2.3:o:juniper:junos:15.1x53:d32::::::
	cpe:2.3:o:juniper:junos:13.3:r9::::::
	cpe:2.3:o:juniper:junos:13.3:r6::::::
	cpe:2.3:o:juniper:junos:15.1:r1::::::
	cpe:2.3:o:juniper:junos:12.1x46:d20::::::
	cpe:2.3:o:juniper:junos:14.1:r5::::::
	cpe:2.3:o:juniper:junos:12.3:r8::::::
	cpe:2.3:o:juniper:junos:12.1x46:d15::::::
	cpe:2.3:o:juniper:junos:14.1:r1::::::
	cpe:2.3:o:juniper:junos:13.3:r7::::::
	cpe:2.3:o:juniper:junos:14.2:r1::::::
	cpe:2.3:o:juniper:junos:14.1:::::::*
	cpe:2.3:o:juniper:junos:14.2:r2::::::
	cpe:2.3:o:juniper:junos:13.3:::::::*
	cpe:2.3:o:juniper:junos:15.1x53:d10::::::
	cpe:2.3:o:juniper:junos:13.3:r1::::::
	cpe:2.3:o:juniper:junos:14.1x53:d15::::::
	cpe:2.3:o:juniper:junos:12.3x48:d10::::::
	cpe:2.3:o:juniper:junos:13.3:r8::::::
	cpe:2.3:o:juniper:junos:12.1x47:d10::::::
	cpe:2.3:o:juniper:junos:14.1x53:d10::::::
	cpe:2.3:o:juniper:junos:12.3x50:::::::*
	cpe:2.3:o:juniper:junos:12.1x46:d30::::::
	cpe:2.3:o:juniper:junos:14.2:r3::::::
	cpe:2.3:o:juniper:junos:15.1x53:d20::::::
	cpe:2.3:o:juniper:junos:12.3:r4::::::
	cpe:2.3:o:juniper:junos:12.3:r7::::::
	cpe:2.3:o:juniper:junos:12.3:r6::::::
	cpe:2.3:o:juniper:junos:12.1x47:d20::::::
	cpe:2.3:o:juniper:junos:12.1x46:d25::::::
	cpe:2.3:o:juniper:junos:13.3:r2-s2::::::
	cpe:2.3:o:juniper:junos:14.2:::::::*
	cpe:2.3:o:juniper:junos:12.1x47:d25::::::
	cpe:2.3:o:juniper:junos:14.1x53:d16::::::
	cpe:2.3:o:juniper:junos::d50::::::*
	cpe:2.3:o:juniper:junos:14.1:r7::::::
	cpe:2.3:o:juniper:junos:12.1x47:::::::*
	cpe:2.3:o:juniper:junos:14.2:r4::::::
	cpe:2.3:o:juniper:junos:12.1x47:d15::::::
cpe:2.3:o:juniper:junos:12.1x46:d35::::::
cpe:2.3:o:juniper:junos:12.3:r5::::::
cpe:2.3:o:juniper:junos:16.1:::::::*
cpe:2.3:o:juniper:junos:12.3:r3::::::
cpe:2.3:o:juniper:junos:12.3:::::::*
cpe:2.3:o:juniper:junos:13.3:r2::::::
cpe:2.3:o:juniper:junos:15.1x53:d21::::::
cpe:2.3:o:juniper:junos:14.1:r2::::::
cpe:2.3:o:juniper:junos:15.1x49:d10::::::
cpe:2.3:o:juniper:junos:12.1x46:d10::::::

Information

Published : 2016-09-09 07:05

Updated : 2017-08-31 18:29

NVD link : CVE-2016-1280

Mitre link : CVE-2016-1280

JSON object : View

CWE

CWE-297

Improper Validation of Certificate with Host Mismatch

Products Affected

juniper

junos

6.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

6.4 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2016-1280

6.5^/10

6.4^/10

Attach tags to `CVE-2016-1280`