CVE-2014-6379

Name of the Vulnerable Software and Affected Versions Juniper Junos versions 11.4 through 14.1 before R1 Juniper Junos version 12.1 before R10 Juniper Junos version 12.1X44 before D35 Juniper Junos version 12.1X45 before D25 Juniper Junos version 12.1X46 before D20 Juniper Junos version 12.1X47 before D10 Juniper Junos version 12.2 before R8 Juniper Junos version 12.2X50 before D70 Juniper Junos version 12.3 before R6 Juniper Junos version 13.1 before R4-S3 Juniper Junos version 13.1X49 before D55 Juniper Junos version 13.1X50 before D30 Juniper Junos version 13.2 before R4 Juniper Junos version 13.2X50 before D20 Juniper Junos version 13.2X51 before D26 and D30 Juniper Junos version 13.2X52 before D15 Juniper Junos version 13.3 before R2

Description The issue allows remote attackers to bypass authentication via unspecified vectors when a RADIUS accounting server is configured. This occurs because an entry is created in /var/etc/pam radius.conf.

Recommendations For Juniper Junos versions 11.4 through 14.1 before R1, update to a version that includes the fix for this issue. For Juniper Junos version 12.1 before R10, update to R10 or later. For Juniper Junos version 12.1X44 before D35, update to D35 or later. For Juniper Junos version 12.1X45 before D25, update to D25 or later. For Juniper Junos version 12.1X46 before D20, update to D20 or later. For Juniper Junos version 12.1X47 before D10, update to D10 or later. For Juniper Junos version 12.2 before R8, update to R8 or later. For Juniper Junos version 12.2X50 before D70, update to D70 or later. For Juniper Junos version 12.3 before R6, update to R6 or later. For Juniper Junos version 13.1 before R4-S3, update to R4-S3 or later. For Juniper Junos version 13.1X49 before D55, update to D55 or later. For Juniper Junos version 13.1X50 before D30, update to D30 or later. For Juniper Junos version 13.2 before R4, update to R4 or later. For Juniper Junos version 13.2X50 before D20, update to D20 or later. For Juniper Junos version 13.2X51 before D26 and D30, update to D30 or later. For Juniper Junos version 13.2X52 before D15, update to D15 or later. For Juniper Junos version 13.3 before R2, update to R2 or later.