CVE-2016-1279

09.09.2016, 14:05

J-Web in Juniper Junos OS before 12.1X46-D45, 12.1X46-D50, 12.1X47 before 12.1X47-D35, 12.3 before 12.3R12, 12.3X48 before 12.3X48-D25, 13.3 before 13.3R10, 13.3R9 before 13.3R9-S1, 14.1 before 14.1R7, 14.1X53 before 14.1X53-D35, 14.2 before 14.2R6, 15.1 before 15.1A2 or 15.1F4, 15.1X49 before 15.1X49-D30, and 15.1R before 15.1R3 might allow remote attackers to obtain sensitive information and consequently gain administrative privileges via unspecified vectors.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 82%

Vendor	Product	Version
juniper	junos	𝑥 ≤ 12.1x46
juniper	junos	12.1x46:x46
juniper	junos	12.1x47:x47
juniper	junos	12.1x47:x47
juniper	junos	12.1x47:x47
juniper	junos	12.1x47:x47
juniper	junos	12.1x47:x47
juniper	junos	12.1x47:x47
juniper	junos	12.3
juniper	junos	12.3:r1
juniper	junos	12.3:r10
juniper	junos	12.3:r11
juniper	junos	12.3:r2
juniper	junos	12.3:r3
juniper	junos	12.3:r4
juniper	junos	12.3:r5
juniper	junos	12.3:r6
juniper	junos	12.3:r7
juniper	junos	12.3:r8
juniper	junos	12.3:r9
juniper	junos	12.3x48:x48
juniper	junos	12.3x48:x48
juniper	junos	13.3
juniper	junos	13.3:r1
juniper	junos	13.3:r2
juniper	junos	13.3:r2-s2
juniper	junos	13.3:r3
juniper	junos	13.3:r4
juniper	junos	13.3:r5
juniper	junos	13.3:r6
juniper	junos	13.3:r7
juniper	junos	13.3:r8
juniper	junos	13.3:r9
juniper	junos	14.1
juniper	junos	14.1:r1
juniper	junos	14.1:r2
juniper	junos	14.1:r3
juniper	junos	14.1:r4
juniper	junos	14.1:r5
juniper	junos	14.1:r6
juniper	junos	14.1x53:x53
juniper	junos	14.1x53:x53
juniper	junos	14.1x53:x53
juniper	junos	14.1x53:x53
juniper	junos	14.1x53:x53
juniper	junos	14.1x53:x53
juniper	junos	14.1x53:x53
juniper	junos	14.1x53:x53
juniper	junos	14.2:r1
juniper	junos	14.2:r2
juniper	junos	14.2:r3
juniper	junos	14.2:r4
juniper	junos	14.2:r5
juniper	junos	15.1:a1
juniper	junos	15.1:f2
juniper	junos	15.1:f2-s1
juniper	junos	15.1:f2-s2
juniper	junos	15.1:f2-s3
juniper	junos	15.1:f2-s4
juniper	junos	15.1:f3
juniper	junos	15.1:r1
juniper	junos	15.1:r2
juniper	junos	15.1x49:x49
juniper	junos	15.1x49:x49

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10754

http://www.securityfocus.com/bid/91759

http://www.securitytracker.com/id/1036302

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10754

http://www.securityfocus.com/bid/91759

http://www.securitytracker.com/id/1036302