PT-2016-4682 · Juniper Networks · Junos
Publicado
2016-08-05
·
Atualizado
2016-08-12
·
CVE-2016-1278
CVSS v3.1
7.8
Alta
| Vetor | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Juniper Junos OS versions prior to 12.1X46-D50 on SRX Series devices
Description
The issue allows local users to gain privileges by leveraging the use of the
request system software command with the partition option after a failed upgrade to 12.1X46, causing the system to revert to "safe mode" authentication and allowing root CLI logins without a password.Recommendations
For versions prior to 12.1X46-D50, update to version 12.1X46-D50 or later to resolve the issue.
Correção
Improper Authentication
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Junos