BDU:2017-02489

Published: 12 Oct 2016
Source: fstec
CVSS3: 7.8
CVSS2: 7.2
EPSS: Low

Description

A vulnerability in the Junos operating system is caused by missing input sanitization. Exploitation may allow a local attacker to elevate privileges and gain complete control of the device by using specially crafted combinations of CLI commands and arguments.

Vendor

Juniper Networks Inc.

Software name

JunOS

Software version

14.1 (JunOS)
14.1r1 (JunOS)
14.1r2 (JunOS)
14.1r3 (JunOS)
14.1r4 (JunOS)
14.1r5 (JunOS)
14.1r6 (JunOS)
14.1x53 (JunOS)
14.1x53d10 (JunOS)
14.1x53d15 (JunOS)
14.1x53d16 (JunOS)
14.1x53d25 (JunOS)
14.1x53d26 (JunOS)
14.1x53d27 (JunOS)
14.1x53d30 (JunOS)
14.1x53d35 (JunOS)
14.2 (JunOS)
14.2r1 (JunOS)
14.2r2 (JunOS)
14.2r3 (JunOS)
14.2r4 (JunOS)
14.2r5 (JunOS)
11.4 (JunOS)
11.4r1 (JunOS)
11.4r10 (JunOS)
11.4r11 (JunOS)
11.4r12 (JunOS)
11.4r2 (JunOS)
11.4r3 (JunOS)
11.4r4 (JunOS)
11.4r5 (JunOS)
11.4r6 (JunOS)
11.4r7 (JunOS)
11.4r8 (JunOS)
11.4r9 (JunOS)
11.4r13s2 (JunOS)
12.1x46 (JunOS)
12.1x46d10 (JunOS)
12.1x46d15 (JunOS)
12.1x46d20 (JunOS)
12.1x46d25 (JunOS)
12.1x46d30 (JunOS)
12.1x46d35 (JunOS)
12.1x46d40 (JunOS)
12.1x46d45 (JunOS)
12.1x46d50 (JunOS)
12.1x46d55 (JunOS)
12.1x47 (JunOS)
12.1x47d10 (JunOS)
12.1x47d15 (JunOS)
12.1x47d20 (JunOS)
12.1x47d25 (JunOS)
12.1x47d30 (JunOS)
12.1x47d35 (JunOS)
12.1x47d40 (JunOS)
12.3 (JunOS)
12.3r1 (JunOS)
12.3r10 (JunOS)
12.3r11 (JunOS)
12.3r2 (JunOS)
12.3r3 (JunOS)
12.3r4 (JunOS)
12.3r5 (JunOS)
12.3r6 (JunOS)
12.3r7 (JunOS)
12.3r8 (JunOS)
12.3r9 (JunOS)
12.3x48d10 (JunOS)
12.3x48d15 (JunOS)
12.3x48d25 (JunOS)
12.3x48d30 (JunOS)
13.2 (JunOS)
13.2r1 (JunOS)
13.2r2 (JunOS)
13.2r3 (JunOS)
13.2r4 (JunOS)
13.2r5 (JunOS)
13.2r6 (JunOS)
13.2r7 (JunOS)
13.2r7-s1 (JunOS)
13.2r7-s2 (JunOS)
13.2r8 (JunOS)
13.3 (JunOS)
13.3r1 (JunOS)
13.3r2 (JunOS)
13.3r2-s2 (JunOS)
13.3r3 (JunOS)
13.3r4 (JunOS)
13.3r5 (JunOS)
13.3r6 (JunOS)
13.3r7 (JunOS)
13.3r8 (JunOS)
14.1x55 (JunOS)
14.1x55d30 (JunOS)
15.1 (JunOS)
15.1a1 (JunOS)
15.1f1 (JunOS)
15.1f2 (JunOS)
15.1f2-s1 (JunOS)
15.1f2-s2 (JunOS)
15.1f2-s3 (JunOS)
15.1f2-s4 (JunOS)
15.1f3 (JunOS)
15.1r1 (JunOS)
15.1r2 (JunOS)
15.1x49 (JunOS)
15.1x49d10 (JunOS)
15.1x49d20 (JunOS)
15.1x49d30 (JunOS)
15.1x49d35 (JunOS)
15.1x49d40 (JunOS)
15.1x49d45 (JunOS)
15.1x49d50 (JunOS)
15.1x49d55 (JunOS)
15.1x53d20 (JunOS)
15.1x53d21 (JunOS)
15.1x53d210 (JunOS)
15.1x53d25 (JunOS)
15.1x53d30 (JunOS)
15.1x53d32 (JunOS)
15.1x53d33 (JunOS)
15.1x53d34 (JunOS)
15.1x53d50 (JunOS)
15.1x53d51 (JunOS)
15.1x53d52 (JunOS)
15.1x53d55 (JunOS)
15.1x53d60 (JunOS)
15.1x53d61 (JunOS)
15.1x53d62 (JunOS)
15.1x53d63 (JunOS)
15.1x53d64 (JunOS)
15.1x53d65 (JunOS)

Software type

Operating system

Operating systems and hardware platforms

Juniper Networks Inc. JunOS 14.1
Juniper Networks Inc. JunOS 14.1r1
Juniper Networks Inc. JunOS 14.1r2
Juniper Networks Inc. JunOS 14.1r3
Juniper Networks Inc. JunOS 14.1r4
Juniper Networks Inc. JunOS 14.1r5
Juniper Networks Inc. JunOS 14.1r6
Juniper Networks Inc. JunOS 14.1x53
Juniper Networks Inc. JunOS 14.1x53d10
Juniper Networks Inc. JunOS 14.1x53d15
Juniper Networks Inc. JunOS 14.1x53d16
Juniper Networks Inc. JunOS 14.1x53d25
Juniper Networks Inc. JunOS 14.1x53d26
Juniper Networks Inc. JunOS 14.1x53d27
Juniper Networks Inc. JunOS 14.1x53d30
Juniper Networks Inc. JunOS 14.1x53d35
Juniper Networks Inc. JunOS 14.2
Juniper Networks Inc. JunOS 14.2r1
Juniper Networks Inc. JunOS 14.2r2
Juniper Networks Inc. JunOS 14.2r3
Juniper Networks Inc. JunOS 14.2r4
Juniper Networks Inc. JunOS 14.2r5
Juniper Networks Inc. JunOS 11.4
Juniper Networks Inc. JunOS 11.4r1
Juniper Networks Inc. JunOS 11.4r10
Juniper Networks Inc. JunOS 11.4r11
Juniper Networks Inc. JunOS 11.4r12
Juniper Networks Inc. JunOS 11.4r2
Juniper Networks Inc. JunOS 11.4r3
Juniper Networks Inc. JunOS 11.4r4
Juniper Networks Inc. JunOS 11.4r5
Juniper Networks Inc. JunOS 11.4r6
Juniper Networks Inc. JunOS 11.4r7
Juniper Networks Inc. JunOS 11.4r8
Juniper Networks Inc. JunOS 11.4r9
Juniper Networks Inc. JunOS 11.4r13s2
Juniper Networks Inc. JunOS 12.1x46
Juniper Networks Inc. JunOS 12.1x46d10
Juniper Networks Inc. JunOS 12.1x46d15
Juniper Networks Inc. JunOS 12.1x46d20
Juniper Networks Inc. JunOS 12.1x46d25
Juniper Networks Inc. JunOS 12.1x46d30
Juniper Networks Inc. JunOS 12.1x46d35
Juniper Networks Inc. JunOS 12.1x46d40
Juniper Networks Inc. JunOS 12.1x46d45
Juniper Networks Inc. JunOS 12.1x46d50
Juniper Networks Inc. JunOS 12.1x46d55
Juniper Networks Inc. JunOS 12.1x47
Juniper Networks Inc. JunOS 12.1x47d10
Juniper Networks Inc. JunOS 12.1x47d15
Juniper Networks Inc. JunOS 12.1x47d20
Juniper Networks Inc. JunOS 12.1x47d25
Juniper Networks Inc. JunOS 12.1x47d30
Juniper Networks Inc. JunOS 12.1x47d35
Juniper Networks Inc. JunOS 12.1x47d40
Juniper Networks Inc. JunOS 12.3
Juniper Networks Inc. JunOS 12.3r1
Juniper Networks Inc. JunOS 12.3r10
Juniper Networks Inc. JunOS 12.3r11
Juniper Networks Inc. JunOS 12.3r2
Juniper Networks Inc. JunOS 12.3r3
Juniper Networks Inc. JunOS 12.3r4
Juniper Networks Inc. JunOS 12.3r5
Juniper Networks Inc. JunOS 12.3r6
Juniper Networks Inc. JunOS 12.3r7
Juniper Networks Inc. JunOS 12.3r8
Juniper Networks Inc. JunOS 12.3r9
Juniper Networks Inc. JunOS 12.3x48d10
Juniper Networks Inc. JunOS 12.3x48d15
Juniper Networks Inc. JunOS 12.3x48d25
Juniper Networks Inc. JunOS 12.3x48d30
Juniper Networks Inc. JunOS 13.2
Juniper Networks Inc. JunOS 13.2r1
Juniper Networks Inc. JunOS 13.2r2
Juniper Networks Inc. JunOS 13.2r3
Juniper Networks Inc. JunOS 13.2r4
Juniper Networks Inc. JunOS 13.2r5
Juniper Networks Inc. JunOS 13.2r6
Juniper Networks Inc. JunOS 13.2r7
Juniper Networks Inc. JunOS 13.2r7-s1
Juniper Networks Inc. JunOS 13.2r7-s2
Juniper Networks Inc. JunOS 13.2r8
Juniper Networks Inc. JunOS 13.3
Juniper Networks Inc. JunOS 13.3r1
Juniper Networks Inc. JunOS 13.3r2
Juniper Networks Inc. JunOS 13.3r2-s2
Juniper Networks Inc. JunOS 13.3r3
Juniper Networks Inc. JunOS 13.3r4
Juniper Networks Inc. JunOS 13.3r5
Juniper Networks Inc. JunOS 13.3r6
Juniper Networks Inc. JunOS 13.3r7
Juniper Networks Inc. JunOS 13.3r8
Juniper Networks Inc. JunOS 14.1x55
Juniper Networks Inc. JunOS 14.1x55d30
Juniper Networks Inc. JunOS 15.1
Juniper Networks Inc. JunOS 15.1a1
Juniper Networks Inc. JunOS 15.1f1
Juniper Networks Inc. JunOS 15.1f2
Juniper Networks Inc. JunOS 15.1f2-s1
Juniper Networks Inc. JunOS 15.1f2-s2
Juniper Networks Inc. JunOS 15.1f2-s3
Juniper Networks Inc. JunOS 15.1f2-s4
Juniper Networks Inc. JunOS 15.1f3
Juniper Networks Inc. JunOS 15.1r1
Juniper Networks Inc. JunOS 15.1r2
Juniper Networks Inc. JunOS 15.1x49
Juniper Networks Inc. JunOS 15.1x49d10
Juniper Networks Inc. JunOS 15.1x49d20
Juniper Networks Inc. JunOS 15.1x49d30
Juniper Networks Inc. JunOS 15.1x49d35
Juniper Networks Inc. JunOS 15.1x49d40
Juniper Networks Inc. JunOS 15.1x49d45
Juniper Networks Inc. JunOS 15.1x49d50
Juniper Networks Inc. JunOS 15.1x49d55
Juniper Networks Inc. JunOS 15.1x53d20
Juniper Networks Inc. JunOS 15.1x53d21
Juniper Networks Inc. JunOS 15.1x53d210
Juniper Networks Inc. JunOS 15.1x53d25
Juniper Networks Inc. JunOS 15.1x53d30
Juniper Networks Inc. JunOS 15.1x53d32
Juniper Networks Inc. JunOS 15.1x53d33
Juniper Networks Inc. JunOS 15.1x53d34
Juniper Networks Inc. JunOS 15.1x53d50
Juniper Networks Inc. JunOS 15.1x53d51
Juniper Networks Inc. JunOS 15.1x53d52
Juniper Networks Inc. JunOS 15.1x53d55
Juniper Networks Inc. JunOS 15.1x53d60
Juniper Networks Inc. JunOS 15.1x53d61
Juniper Networks Inc. JunOS 15.1x53d62
Juniper Networks Inc. JunOS 15.1x53d63
Juniper Networks Inc. JunOS 15.1x53d64
Juniper Networks Inc. JunOS 15.1x53d65

Vulnerability severity level

High severity (CVSS 2.0 base score is 7.2)
High severity (CVSS 3.0 base score is 7.8)

Possible remediation measures

Follow the recommendations: https://kb.juniper.net/JSA10763

Vulnerability status

Confirmed by the vendor

Exploit availability

Data is being clarified

Remediation information

The vulnerability has been fixed

Identifiers in other vulnerability description systems

EPSS

Percentile: 24%
0.00084
Low

7.8 High

CVSS3

7.2 High

CVSS2

Related vulnerabilities

CVSS3: 8.4
nvd
more than 8 years ago

Certain combinations of Junos OS CLI commands and arguments have been found to be exploitable in a way that can allow unauthorized access to the operating system. This may allow any user with permissions to run these CLI commands the ability to achieve elevated privileges and gain complete control of the device. Affected releases are Juniper Networks Junos OS 11.4 prior to 11.4R13-S3; 12.1X46 prior to 12.1X46-D60; 12.1X47 prior to 12.1X47-D45; 12.3 prior to 12.3R12; 12.3X48 prior to 12.3X48-D35; 13.2 prior to 13.2R9; 13.3 prior to 13.3R4-S11, 13.3R9; 14.1 prior to 14.1R4-S12, 14.1R7; 14.1X53 prior to 14.1X53-D28, 14.1X53-D40; 14.1X55 prior to 14.1X55-D35; 14.2 prior to 14.2R3-S10, 14.2R4-S7, 14.2R5; 15.1 prior to 15.1F4, 15.1R3; 15.1X49 prior to 15.1X49-D60; 15.1X53 prior to 15.1X53-D57, 15.1X53-D70.

CVSS3: 7.8
github
more than 3 years ago

Certain combinations of Junos OS CLI commands and arguments have been found to be exploitable in a way that can allow unauthorized access to the operating system. This may allow any user with permissions to run these CLI commands the ability to achieve elevated privileges and gain complete control of the device. Affected releases are Juniper Networks Junos OS 11.4 prior to 11.4R13-S3; 12.1X46 prior to 12.1X46-D60; 12.1X47 prior to 12.1X47-D45; 12.3 prior to 12.3R12; 12.3X48 prior to 12.3X48-D35; 13.2 prior to 13.2R9; 13.3 prior to 13.3R4-S11, 13.3R9; 14.1 prior to 14.1R4-S12, 14.1R7; 14.1X53 prior to 14.1X53-D28, 14.1X53-D40; 14.1X55 prior to 14.1X55-D35; 14.2 prior to 14.2R3-S10, 14.2R4-S7, 14.2R5; 15.1 prior to 15.1F4, 15.1R3; 15.1X49 prior to 15.1X49-D60; 15.1X53 prior to 15.1X53-D57, 15.1X53-D70.
