CVE-2014-6384

Name of the Vulnerable Software and Affected Versions Juniper Junos versions 12.1X44 before 12.1X44-D45 Juniper Junos versions 12.1X46 before 12.1X46-D25 Juniper Junos versions 12.1X47 before 12.1X47-D15 Juniper Junos versions 12.3 before 12.3R9 Juniper Junos versions 13.1 before 13.1R4-S3 Juniper Junos versions 13.2 before 13.2R6 Juniper Junos versions 13.3 before 13.3R5 Juniper Junos versions 14.1 before 14.1R3 Juniper Junos versions 14.2 before 14.2R1

Description The issue arises from the improper handling of double quotes in authorization attributes in the TACACS+ configuration. This allows local users to bypass the security policy and execute commands.

Recommendations For Juniper Junos versions 12.1X44 before 12.1X44-D45, update to version 12.1X44-D45 or later. For Juniper Junos versions 12.1X46 before 12.1X46-D25, update to version 12.1X46-D25 or later. For Juniper Junos versions 12.1X47 before 12.1X47-D15, update to version 12.1X47-D15 or later. For Juniper Junos versions 12.3 before 12.3R9, update to version 12.3R9 or later. For Juniper Junos versions 13.1 before 13.1R4-S3, update to version 13.1R4-S3 or later. For Juniper Junos versions 13.2 before 13.2R6, update to version 13.2R6 or later. For Juniper Junos versions 13.3 before 13.3R5, update to version 13.3R5 or later. For Juniper Junos versions 14.1 before 14.1R3, update to version 14.1R3 or later. For Juniper Junos versions 14.2 before 14.2R1, update to version 14.2R1 or later.