PT-2013-5921 · Juniper Networks · Junos

Published

2013-10-28

Updated

2013-11-03

CVE-2013-6012

CVSS v2.0

8.5

High

Vector

AV:N/AC:M/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Juniper Junos versions 12.1X44 before 12.1X44-D20 Juniper Junos versions 12.1X45 before 12.1X45-D15

Description The issue arises when the no-validate option is enabled, and the system fails to properly handle configuration validation errors during the config commit phase of the boot-up sequence. This allows remote attackers to bypass authentication via unspecified vectors.

Recommendations For Juniper Junos versions 12.1X44 before 12.1X44-D20, update to version 12.1X44-D20 or later. For Juniper Junos versions 12.1X45 before 12.1X45-D15, update to version 12.1X45-D15 or later.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2013-6012

Affected Products

Junos

PT-2013-5921 · Juniper Networks · Junos

CVE-2013-6012

Weakness Enumeration

Related Identifiers

Affected Products

References · 3