Details of VAR-201401-0346

ID

VAR-201401-0346

CVE

CVE-2014-0615

TITLE

Juniper Junos Vulnerability gained in

Trust: 0.8

sources: JVNDB: JVNDB-2014-001065

DESCRIPTION

Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12.1R8-S2, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, 12.2 before 12.2R7, 12.3 before 12.3R5, 13.1 before 13.1R3-S1, 13.2 before 13.2R2, and 13.3 before 13.3R1 allows local users to gain privileges via vectors related to "certain combinations of Junos OS CLI commands and arguments.". Juniper Junos is prone to multiple local privilege-escalation vulnerabilities. Local attackers can exploit these issues to execute arbitrary commands with root privileges. Juniper Networks Juniper Junos is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware system. The operating system provides a secure programming interface and Junos SDK. An elevation of privilege vulnerability exists in Juniper Junos. The following versions are affected: Juniper Junos 10.4 prior to 10.4R16, 11.4 prior to 11.4R10, 12.1R prior to 12.1R8-S2, 12.1X44 prior to 12.1X44-D30, 12.1X45 prior to 12.1X45-D20 , 12.1X46 version before 12.1X46-D10, 12.2 version before 12.2R7, 12.3 version before 12.3R5, 13.1 version before 13.1R3-S1, 13.2 version before 13.2R2, 13.3 version before 13.3R1

Trust: 1.98

sources: NVD: CVE-2014-0615 // JVNDB: JVNDB-2014-001065 // BID: 64762 // VULHUB: VHN-68108

AFFECTED PRODUCTS

vendor:	juniper	model:	junos	scope:	eq	version:	12.3	Trust: 1.6
vendor:	juniper	model:	junos	scope:	eq	version:	13.3	Trust: 1.6
vendor:	juniper	model:	junos	scope:	eq	version:	12.1x44	Trust: 1.6
vendor:	juniper	model:	junos	scope:	eq	version:	13.1	Trust: 1.6
vendor:	juniper	model:	junos	scope:	eq	version:	12.1x46	Trust: 1.6
vendor:	juniper	model:	junos	scope:	eq	version:	13.2	Trust: 1.6
vendor:	juniper	model:	junos	scope:	eq	version:	10.4	Trust: 1.6
vendor:	juniper	model:	junos	scope:	eq	version:	12.1x45	Trust: 1.6
vendor:	juniper	model:	junos	scope:	eq	version:	12.2	Trust: 1.6
vendor:	juniper	model:	junos	scope:	eq	version:	12.1r	Trust: 1.6
vendor:	juniper	model:	junos	scope:	eq	version:	11.4	Trust: 1.0
vendor:	juniper	model:	junos os	scope:	eq	version:	12.1r8-s2	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	12.1x44	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	10.4	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	12.1x44-d30	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	11.4	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	12.2r7	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	12.3	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	13.3r1	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	13.3	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	10.4r16	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	13.2	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	13.2r2	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	12.1x45-d20	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	13.1	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	12.1x45	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	12.1x46	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	12.2	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	12.1x46-d10	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	11.4r10	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	12.1r	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	12.3r5	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	13.1r3-s1	Trust: 0.8

sources: JVNDB: JVNDB-2014-001065 // CNNVD: CNNVD-201401-217 // NVD: CVE-2014-0615

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-0615
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-0615
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201401-217
value:	HIGH
Trust: 0.6
VULHUB:	VHN-68108
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-0615
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-68108
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-68108 // JVNDB: JVNDB-2014-001065 // CNNVD: CNNVD-201401-217 // NVD: CVE-2014-0615

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-68108 // JVNDB: JVNDB-2014-001065 // NVD: CVE-2014-0615

THREAT TYPE

local

Trust: 0.9

sources: BID: 64762 // CNNVD: CNNVD-201401-217

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201401-217

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001065

PATCH

title:

JSA10608

url:

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10608

Trust: 0.8

sources: JVNDB: JVNDB-2014-001065

EXTERNAL IDS

db:	NVD	id:	CVE-2014-0615	Trust: 2.8
db:	BID	id:	64762	Trust: 2.0
db:	JUNIPER	id:	JSA10608	Trust: 2.0
db:	SECTRACK	id:	1029585	Trust: 1.7
db:	OSVDB	id:	101862	Trust: 1.7
db:	JVNDB	id:	JVNDB-2014-001065	Trust: 0.8
db:	CNNVD	id:	CNNVD-201401-217	Trust: 0.7
db:	SECUNIA	id:	56375	Trust: 0.6
db:	VULHUB	id:	VHN-68108	Trust: 0.1

sources: VULHUB: VHN-68108 // BID: 64762 // JVNDB: JVNDB-2014-001065 // CNNVD: CNNVD-201401-217 // NVD: CVE-2014-0615

REFERENCES

url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10608	Trust: 1.9
url:	http://www.securityfocus.com/bid/64762	Trust: 1.7
url:	http://osvdb.org/101862	Trust: 1.7
url:	http://www.securitytracker.com/id/1029585	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0615	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0615	Trust: 0.8
url:	http://secunia.com/advisories/56375	Trust: 0.6
url:	http://www.juniper.net	Trust: 0.3
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10608	Trust: 0.1

sources: VULHUB: VHN-68108 // BID: 64762 // JVNDB: JVNDB-2014-001065 // CNNVD: CNNVD-201401-217 // NVD: CVE-2014-0615

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 64762

SOURCES

db:	VULHUB	id:	VHN-68108
db:	BID	id:	64762
db:	JVNDB	id:	JVNDB-2014-001065
db:	CNNVD	id:	CNNVD-201401-217
db:	NVD	id:	CVE-2014-0615

LAST UPDATE DATE

2025-04-11T22:48:23.960000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-68108	date:	2014-01-24T00:00:00
db:	BID	id:	64762	date:	2014-01-10T00:00:00
db:	JVNDB	id:	JVNDB-2014-001065	date:	2014-01-30T00:00:00
db:	CNNVD	id:	CNNVD-201401-217	date:	2014-01-16T00:00:00
db:	NVD	id:	CVE-2014-0615	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-68108	date:	2014-01-15T00:00:00
db:	BID	id:	64762	date:	2014-01-10T00:00:00
db:	JVNDB	id:	JVNDB-2014-001065	date:	2014-01-16T00:00:00
db:	CNNVD	id:	CNNVD-201401-217	date:	2014-01-16T00:00:00
db:	NVD	id:	CVE-2014-0615	date:	2014-01-15T16:08:04.313