Main Vulnerability Database SB2016071402

SB2016071402 - Privilege escalation in Juniper JunOS

Published: July 14, 2016

Security Bulletin ID SB2016071402

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Physical access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Privilege escalation (CVE-ID: CVE-2016-1278)

The vulnerability allows a local user to obtain root privileges on the target system in certain cases.

The vulnerability exists during upgrade procedure, when 'request system software' command is used with the 'partition' option on an SRX Series device. A local attacker with physical access to affected device may be able to login with root login and empty password via CLI.

Successful exploitation of this vulnerability may result in root access to affected device.

Remediation

Install update from vendor's website.

References

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10753&actp=search