#VU149 Privilege escalation in Juniper Junos OS - CVE-2016-1278
Published: July 14, 2016 / Updated: January 17, 2017
Vulnerability identifier: #VU149
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-1278
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Juniper Junos OS
Juniper Junos OS
Software vendor:
Juniper Networks, Inc.
Juniper Networks, Inc.
Description
The vulnerability allows a local user to obtain root privileges on the target system in certain cases.
The vulnerability exists during upgrade procedure, when 'request system software' command is used with the 'partition' option on an SRX Series device. A local attacker with physical access to affected device may be able to login with root login and empty password via CLI.
Successful exploitation of this vulnerability may result in root access to affected device.
The vulnerability exists during upgrade procedure, when 'request system software' command is used with the 'partition' option on an SRX Series device. A local attacker with physical access to affected device may be able to login with root login and empty password via CLI.
Successful exploitation of this vulnerability may result in root access to affected device.
Remediation
The vendor has issued a fix (12.1X46-D50).