CVE-2016-4924 — Networks Junos OS vulnerability

CWE-2753 documents3 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 83.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Junos Juniper Junos OS +1 more

Timeline

PublishedOct 13

Latest updateMay 13

Description

An incorrect permissions vulnerability in Juniper Networks Junos OS on vMX may allow local unprivileged users on a host system read access to vMX or vPFE images and obtain sensitive information contained in them such as private cryptographic keys. This issue was found during internal product security testing. Juniper SIRT is not aware of any malicious exploitation of this vulnerability. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Netw…

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5juniper_networks/junos_os14.1 prior to 14.1R8, 15.1 prior to 15.1F5+1

▶NVDjuniper/junos14.1, 15.1+1

▶juniperjuniper/junos_os

▶juniperjuniper/mx_series

🔴Vulnerability Details

GHSA

GHSA-qpr4-jjf9-3v43: An incorrect permissions vulnerability in Juniper Networks Junos OS on vMX may allow local unprivileged users on a host system read access to vMX or v↗2022-05-13

▶

📋Vendor Advisories

Juniper

CVE-2016-4924: An incorrect permissions vulnerability in Juniper Networks Junos OS on vMX may allow local unprivileged users on a host system read access to vMX or v↗2017-10-13

▶