Juniper Junos OS prior to 12.1X46-D45, 12.1X47 prior to 12.1X47-D30, 12.3 prior to 12.3R11, 12.3X48 prior to 12.3X48-D25, 13.2 prior to 13.2R8, 13.3 prior to 13.3R7, 14.1 prior to 14.1R6, 14.2 prior to 14.2R4, 15.1 prior to 15.1R1 or 15.1F2, and 15.1X49 prior to 15.1X49-D15 allow local users to gain privileges via crafted combinations of CLI commands and arguments, a different vulnerability than CVE-2015-3003, CVE-2014-3816, and CVE-2014-0615.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
juniper junos 14.1 |
||
juniper junos 14.2 |
||
juniper junos |
||
juniper junos 13.3 |
||
juniper junos 12.3 |
||
juniper junos 12.3x48 |
||
juniper junos 12.1x47 |
||
juniper junos 13.2 |
||
juniper junos 15.1x49 |
||
juniper junos 15.1 |
Security fixes for privilege escalation, DoS, TLS spoofing and more
Juniper's code reviewers have been hard at work, and have shipped a bunch of security bug-fixes. First up: the company has turned up a bunch of Junos OS privilege escalation vulnerabilities that need patching. As the advisory states, CVE-2016-1271 covers a set of CLI commands that can be exploited to get root access to the affected system. As well as patching vulnerable systems, Juniper reminds sysadmins that CLI access should always be restricted to trusted hosts (as well as highly trusted sysa...