CVE-2014-6448Improper Privilege Management in Juniper Junos

CWE-269Improper Privilege Management5 documents5 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 88.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Juniper Junos
Timeline
PublishedJan 15
Latest updateMay 17

Description

Juniper Junos OS 13.2 before 13.2R5, 13.2X51, 13.2X52, and 13.3 before 13.3R3 allow local users to bypass intended restrictions and execute arbitrary Python code via vectors involving shell access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

NVDjuniper/junos4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-cqm4-w39p-g223: Juniper Junos OS 132022-05-17
CVEList
CVE-2014-6448: Juniper Junos OS 132020-01-15

📋Vendor Advisories

1
Juniper
CVE-2014-6448: Juniper Junos OS 13.2 before 13.2R5, 13.2X51, 13.2X52, and 13.3 before 13.3R3 allow local users to bypass intended restrictions and execute arbitrary2020-01-15

💬Community

1
Bugzilla
CVE-2013-6448 JBoss Seam: Information disclosure in remoting2013-12-19
CVE-2014-6448 — Improper Privilege Management | cvebase