CVE-2014-0615 — Improper Input Validation in Juniper Junos

CWE-264 CWE-20 — Improper Input Validation6 documents3 sources

Severity

7.8HIGHNVD

NVD7.2

EPSS

0.0%

top 86.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Junos Juniper Junos OS

Timeline

PublishedJan 15

Latest updateMay 17

Description

Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12.1R8-S2, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, 12.2 before 12.2R7, 12.3 before 12.3R5, 13.1 before 13.1R3-S1, 13.2 before 13.2R2, and 13.3 before 13.3R1 allows local users to gain privileges via vectors related to "certain combinations of Junos OS CLI commands and arguments."

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages2 packages

▶NVDjuniper/junos12.1x46+17

▶juniperjuniper/junos_os

🔴Vulnerability Details

GHSA

GHSA-q4wv-hp9c-9wxv: Juniper Junos OS before 12↗2022-05-17

▶

GHSA

GHSA-3363-jj3w-r3w5: Juniper Junos 10↗2022-05-17

▶

📋Vendor Advisories

Juniper

CVE-2016-1271: Juniper Junos OS before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R11, 12.3X48 before 12.3X48-D25, 13.2 before 13.2R8, 13.3 before 13.3↗2016-04-15

▶

Juniper

CVE-2014-0615: Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12.1R8-S2, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before↗2014-01-15

▶