CVE-2016-4924

Severity

17%

Complexity

31%

Confidentiality

48%

An incorrect permissions vulnerability in Juniper Networks Junos OS on vMX may allow local unprivileged users on a host system read access to vMX or vPFE images and obtain sensitive information contained in them such as private cryptographic keys. This issue was found during internal product security testing. Juniper SIRT is not aware of any malicious exploitation of this vulnerability. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS 15.1 prior to 15.1F5; 14.1 prior to 14.1R8

An incorrect permissions vulnerability in Juniper Networks Junos OS on vMX may allow local unprivileged users on a host system read access to vMX or vPFE images and obtain sensitive information contained in them such as private cryptographic keys. This issue was found during internal product security testing. Juniper SIRT is not aware of any malicious exploitation of this vulnerability. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS 15.1 prior to 15.1F5; 14.1 prior to 14.1R8

CVSS 3.0 Base Score 5.5. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).

CVSS 2.0 Base Score 1.7. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:S/C:P/I:N/A:N).

Overview

Type

Juniper

First reported 7 years ago

2017-10-13 17:29:00

Last updated 5 years ago

2019-10-09 23:18:00

Affected Software

Juniper JunOS 15.1 F1

15.1

Juniper JunOS 15.1 F2

15.1

Juniper JunOS 15.1 F2-s1

15.1

Juniper Junos 15.1 F2-S2

15.1

Juniper Junos 15.1 F2-S3

15.1

Juniper Junos 15.1 F2-S4

15.1

Juniper Junos 15.1 F3

15.1

Juniper Junos 15.1 F4

15.1

Juniper JUNOS 14.1

14.1

Juniper JUNOS 14.1R1

14.1

Juniper Junos 14.1 R2

14.1

Juniper Junos 14.1 R3

14.1

Juniper JunOS 14.1 R4

14.1

Juniper Junos 14.1 R5

14.1

Juniper Junos 14.1 R6

14.1

Juniper Junos 14.1 R7

14.1

References

93531

Third Party Advisory, VDB Entry

https://kb.juniper.net/JSA10766

Vendor Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.