Monday, 24 October 2016

On 03:11 by admin   No comments
A vulnerability, which was classified as critical, was found in Juniper Junos up to 16.0. This affects an unknown function of the component Command Line Interface. The manipulation with an unknown input leads to a privilege escalation vulnerability. This is going to have an impact on confidentiality, integrity, and availability.
The weakness was released 10/12/2016 as JSA10763 / 1027807 / 1117227 / 1061973 as confirmed knowledge base article (Website). The advisory is shared for download at kb.juniper.net. The public release was coordinated with Juniper. The knowledge base article contains:
These issues were found during internal product security testing.
This vulnerability is uniquely identified as CVE-2016-4922. The exploitability is told to be easy. An attack has to be approached locally. The successful exploitation needs a single authentication. Neither technical details nor an exploit are publicly available. The for an exploit might be around USD $2k-$5k at the moment. The advisory points out:
Certain combinations of Junos OS CLI commands and arguments have been found to be exploitable in a way that can allow unauthorized access to the operating system. This may allow any user with permissions to run these CLI commands the ability to achieve elevated privileges and gain complete control of the device.
Upgrading to version 12.1X46-D60, 12.1X47-D45, 12.3R12, 12.3X48-D35, 13.2R9, 13.3R9, 14.1R7, 14.1X53-D40, 14.1X55-D35, 14.2R5, 15.1F4, 15.1R3, 15.1X49-D60, 15.1X53-D70 or 16.1R1 eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability. The knowledge base article contains the following remark:
Use access lists or firewall filters to limit access to the router's CLI only from trusted hosts. Restrict access to the CLI to only highly trusted administrators.
The vulnerability is also documented in the vulnerability database at SecurityTracker (ID 1037013). Entries connected to this vulnerability are available at 92719.

CVSSv3

Base Score: 7.8
Temp Score: 7.5
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:O/RC:C
Reliability: High

CVSSv2

Base Score: 6.8 (CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C)
Temp Score: 5.9 (CVSS2#E:ND/RL:OF/RC:C)
Reliability: High

0 comments:

Post a comment