Detections
Analytics
Juniper Junos TACACS+ Double Quotes Privilege Escalation (JSA10667)
medium Nessus Plugin ID 80955
Language:
Synopsis
The remote device is missing a vendor-supplied security patch.Description
According to its self-reported version number, the remote Juniper Junos device is potentially affected by a privilege escalation vulnerability when processing a TACACS+ configuration containing authorization attributes with double quotes. A local, authenticated attacker could exploit this issue to run unauthorized commands.Solution
Apply the relevant Junos software release or workaround referenced in Juniper advisory JSA10667.See Also
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10667
Plugin Details
Severity: Medium
ID: 80955
File Name: juniper_jsa10667.nasl
Version: 1.8
Type: combined
Family: Junos Local Security Checks
Published: 1/23/2015
Updated: 7/12/2018
Configuration: Enable paranoid mode
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Medium
Base Score: 6.9
Temporal Score: 5.1
Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: cpe:/o:juniper:junos
Required KB Items: Settings/ParanoidReport, Host/Juniper/JUNOS/Version
Exploit Ease: No known exploits are available
Patch Publication Date: 1/14/2015
Vulnerability Publication Date: 1/14/2015
Reference Information
CVE: CVE-2014-6384
BID: 72077
JSA: JSA10667