CVE-2016-4924

An incorrect permissions vulnerability in Juniper Networks Junos OS on vMX may allow local unprivileged users on a host system read access to vMX or vPFE images and obtain sensitive information contained in them such as private cryptographic keys. This issue was found during internal product security testing. Juniper SIRT is not aware of any malicious exploitation of this vulnerability. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS 15.1 prior to 15.1F5; 14.1 prior to 14.1R8

CVSS v3 8.4 HIGH
CVSS v2.0 1.7 LOW

8.4^/10

CVSS v3 : HIGH

V3 Legend

Vector : AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

Exploitability : 2.0 / Impact : 5.8

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope CHANGED

1.7^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 3.1 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/bid/93531	Third Party Advisory VDB Entry
https://kb.juniper.net/JSA10766	Vendor Advisory
http://www.securityfocus.com/bid/93531	Third Party Advisory VDB Entry
https://kb.juniper.net/JSA10766	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:juniper:junos:15.1:f1::::::
	cpe:2.3:o:juniper:junos:15.1:f2::::::
	cpe:2.3:o:juniper:junos:15.1:f2-s1::::::
	cpe:2.3:o:juniper:junos:15.1:f2-s2::::::
	cpe:2.3:o:juniper:junos:15.1:f2-s3::::::
	cpe:2.3:o:juniper:junos:15.1:f2-s4::::::
	cpe:2.3:o:juniper:junos:15.1:f3::::::
	cpe:2.3:o:juniper:junos:15.1:f4::::::

Configuration 2 (hide)

OR	cpe:2.3:o:juniper:junos:14.1:::::::*
	cpe:2.3:o:juniper:junos:14.1:r1::::::
	cpe:2.3:o:juniper:junos:14.1:r2::::::
	cpe:2.3:o:juniper:junos:14.1:r3::::::
	cpe:2.3:o:juniper:junos:14.1:r4::::::
	cpe:2.3:o:juniper:junos:14.1:r5::::::
	cpe:2.3:o:juniper:junos:14.1:r6::::::
	cpe:2.3:o:juniper:junos:14.1:r7::::::

History

21 Nov 2024, 02:53

Type	Values Removed	Values Added
CVSS	v2 : ~~1.7~~ v3 : ~~5.5~~	v2 : 1.7 v3 : 8.4
References	~~() http://www.securityfocus.com/bid/93531 - Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/bid/93531 - Third Party Advisory, VDB Entry
References	~~() https://kb.juniper.net/JSA10766 - Vendor Advisory~~	() https://kb.juniper.net/JSA10766 - Vendor Advisory

Information

Published : 2017-10-13 17:29

Updated : 2024-11-21 02:53

NVD link : CVE-2016-4924

Mitre link : CVE-2016-4924

CVE.ORG link : CVE-2016-4924

JSON object : View

Products Affected

juniper

junos

CWE

CWE-275

Permission Issues

8.4 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope CHANGED

1.7 /10

Access Vector LOCAL

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2016-4924

8.4^/10

1.7^/10

Attach tags to `CVE-2016-4924`