Published: 15/04/2016 Updated: 03/12/2016

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 641

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Juniper Junos OS prior to 12.1X46-D45, 12.1X47 prior to 12.1X47-D30, 12.3 prior to 12.3R11, 12.3X48 prior to 12.3X48-D25, 13.2 prior to 13.2R8, 13.3 prior to 13.3R7, 14.1 prior to 14.1R6, 14.2 prior to 14.2R4, 15.1 prior to 15.1R1 or 15.1F2, and 15.1X49 prior to 15.1X49-D15 allow local users to gain privileges via crafted combinations of CLI commands and arguments, a different vulnerability than CVE-2015-3003, CVE-2014-3816, and CVE-2014-0615.

Vulnerable Product	Search on Vulmon	Subscribe to Product
juniper junos 14.2
juniper junos 13.3
juniper junos 13.2
juniper junos 12.3
juniper junos 14.1
juniper junos 12.1x47
juniper junos 15.1x49
juniper junos 15.1
juniper junos 12.3x48
juniper junos

Juniper bleeding data and money: slaps Band-Aids all over Junos OS and warns markets

The Register • Richard Chirgwin • 14 Apr 2016

Security fixes for privilege escalation, DoS, TLS spoofing and more

Juniper's code reviewers have been hard at work, and have shipped a bunch of security bug-fixes. First up: the company has turned up a bunch of Junos OS privilege escalation vulnerabilities that need patching. As the advisory states, CVE-2016-1271 covers a set of CLI commands that can be exploited to get root access to the affected system. As well as patching vulnerable systems, Juniper reminds sysadmins that CLI access should always be restricted to trusted hosts (as well as highly trusted sysa...

CVE-2016-1271

Vulnerability Summary

Recent Articles

References

Vulmon Search

About

Products

Connect