CVE-2016-1278

Juniper Junos OS before 12.1X46-D50 on SRX Series devices reverts to "safe mode" authentication and allows root CLI logins without a password after a failed upgrade to 12.1X46, which might allow local users to gain privileges by leveraging use of the "request system software" command with the "partition" option.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 20%
VendorProductVersion
juniperjunos
𝑥
≤ 12.1x46
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10753
http://www.securityfocus.com/bid/91757
http://www.securitytracker.com/id/1036307
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10753
http://www.securityfocus.com/bid/91757
http://www.securitytracker.com/id/1036307