
CVE-2016-1270

Published: 15/04/2016 Updated: 20/04/2016
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector (CVSS v2): AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

The rpd daemon in Juniper Junos OS prior to 12.1X44-D60, 12.1X46 prior to 12.1X46-D45, 12.1X47 prior to 12.1X47-D30, 12.3 prior to 12.3R9, 12.3X48 prior to 12.3X48-D20, 13.2 prior to 13.2R7, 13.2X51 prior to 13.2X51-D40, 13.3 prior to 13.3R6, 14.1 prior to 14.1R4, and 14.2 prior to 14.2R2, when configured with BGP-based L2VPN or VPLS, allows remote malicious users to cause a denial of service (daemon restart) via a crafted L2VPN family BGP update.

Vulnerable Product

juniper junos 14.1

juniper junos 13.3

juniper junos 13.2

juniper junos 12.1x47

juniper junos 13.2x51

juniper junos 12.3

juniper junos 12.1x46

juniper junos 14.2

juniper junos 12.3x48

juniper junos

Recent Articles

Juniper bleeding data and money: slaps Band-Aids all over Junos OS and warns markets
The Register • Richard Chirgwin • 14 Apr 2016

Security fixes for privilege escalation, DoS, TLS spoofing and more

Juniper's code reviewers have been hard at work, and have shipped a bunch of security bug-fixes. First up: the company has turned up a bunch of Junos OS privilege escalation vulnerabilities that need patching. As the advisory states, CVE-2016-1271 covers a set of CLI commands that can be exploited to get root access to the affected system. As well as patching vulnerable systems, Juniper reminds sysadmins that CLI access should always be restricted to trusted hosts (as well as highly trusted sysa...