CVE-2013-6012 — Improper Authentication in Juniper Junos

CWE-287 — Improper Authentication3 documents3 sources

Severity

8.5HIGHNVD

EPSS

0.1%

top 64.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Junos Juniper Junos OS

Timeline

PublishedOct 28

Latest updateMay 17

Description

Juniper Junos 12.1X44 before 12.1.X44-D20 and 12.1X45 before 12.1X45-D15, when the no-validate option is enabled, does not properly handle configuration validation errors during the config commit phase of the boot-up sequence, which allows remote attackers to bypass authentication via unspecified vectors.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 6.8 | Impact: 10.0

Affected Packages2 packages

▶NVDjuniper/junos12.1x44, 12.1x45+1

▶juniperjuniper/junos_os

🔴Vulnerability Details

GHSA

GHSA-hp6j-x8j2-6jmh: Juniper Junos 12↗2022-05-17

▶

📋Vendor Advisories

Juniper

CVE-2013-6012: Juniper Junos 12.1X44 before 12.1.X44-D20 and 12.1X45 before 12.1X45-D15, when the no-validate option is enabled, does not properly handle configurati↗2013-10-28

▶