CVE-2015-3003 — Improper Input Validation in Juniper Junos

CWE-264 CWE-20 — Improper Input Validation6 documents3 sources

Severity

7.8HIGHNVD

NVD7.2

EPSS

0.0%

top 85.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Junos Juniper Junos OS

Timeline

PublishedApr 10

Latest updateMay 17

Description

Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D20, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D10, 13.2 before 13.2R6, 13.3 before 13.3R5, 14.1 before 14.1R3, and 14.2 before 14.2R1 allows local users to gain privileges via crafted combinations of CLI commands and arguments.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages2 packages

▶NVDjuniper/junos12.1x46+12

▶juniperjuniper/junos_os

🔴Vulnerability Details

GHSA

GHSA-q4wv-hp9c-9wxv: Juniper Junos OS before 12↗2022-05-17

▶

GHSA

GHSA-66mx-9j2p-rccj: Juniper Junos 12↗2022-05-17

▶

📋Vendor Advisories

Juniper

CVE-2016-1271: Juniper Junos OS before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R11, 12.3X48 before 12.3X48-D25, 13.2 before 13.2R8, 13.3 before 13.3↗2016-04-15

▶

Juniper

CVE-2015-3003: Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D20, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D10, 13.2↗2015-04-10

▶