Details of VAR-201407-0478

ID

VAR-201407-0478

CVE

CVE-2014-3816

TITLE

Juniper Junos Vulnerability gained in

Trust: 0.8

sources: JVNDB: JVNDB-2014-003344

DESCRIPTION

Juniper Junos 11.4 before 11.4R12, 12.1 before 12.1R11, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D30, 12.1X46 before 12.1X46-D20, 12.1X47 before 12.1X47-D10, 12.2 before 12.2R8-S2, 12.3 before 12.3R7, 13.1 before 13.1R4-S2, 13.2 before 13.2R5, 13.3 before 13.3R2-S2, and 14.1 before 14.1R1 allows remote authenticated users to gain privileges via unspecified combinations of CLI commands and arguments. Juniper Junos is prone to multiple local privilege-escalation vulnerabilities. Local attackers can exploit these issues to execute arbitrary commands with root privileges. Juniper Junos is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware system. The operating system provides a secure programming interface and Junos SDK. A security vulnerability exists in the Junos OS CLI command and parameter combination for Juniper Networks Juniper Junos. A remote attacker could exploit this vulnerability to gain privileges. The following versions are affected: Juniper Junos 11.4 prior to 11.4R12, 12.1 prior to 12.1R11, 12.1X44 prior to 12.1X44-D35, 12.1X45 prior to 12.1X45-D30, 12.1X46 prior to 12.1X46-D20 , 12.1X47 before 12.1X47-D10, 12.2 before 12.2R8-S2, 12.3 before 12.3R7, 13.1 before 13.1R4-S2, 13.2 before 13.2R5, 13.3 before 13.3R2-S2 Version, 14.1 version before 14.1R1

Trust: 1.98

sources: NVD: CVE-2014-3816 // JVNDB: JVNDB-2014-003344 // BID: 68541 // VULHUB: VHN-71756

AFFECTED PRODUCTS

vendor:	juniper	model:	junos	scope:	eq	version:	14.1	Trust: 1.9
vendor:	juniper	model:	junos	scope:	eq	version:	13.3	Trust: 1.9
vendor:	juniper	model:	junos	scope:	eq	version:	13.2	Trust: 1.9
vendor:	juniper	model:	junos	scope:	eq	version:	13.1	Trust: 1.9
vendor:	juniper	model:	junos	scope:	eq	version:	12.3	Trust: 1.9
vendor:	juniper	model:	junos	scope:	eq	version:	12.2	Trust: 1.9
vendor:	juniper	model:	junos	scope:	eq	version:	12.1x47	Trust: 1.9
vendor:	juniper	model:	junos	scope:	eq	version:	12.1x45	Trust: 1.9
vendor:	juniper	model:	junos	scope:	eq	version:	12.1x44	Trust: 1.9
vendor:	juniper	model:	junos	scope:	eq	version:	12.1	Trust: 1.9
vendor:	juniper	model:	junos	scope:	eq	version:	12.1x46	Trust: 1.3
vendor:	juniper	model:	junos	scope:	eq	version:	11.4	Trust: 1.3
vendor:	juniper	model:	junos os	scope:	lt	version:	11.4 thats all 11.4r12	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	12.1 thats all 12.1r11	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	12.1x44 thats all 12.1x44-d35	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	12.1x45 thats all 12.1x45-d30	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	12.1x46 thats all 12.1x46-d20	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	12.1x47 thats all 12.1x47-d10	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	12.2 thats all 12.2r8-s2	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	12.3 thats all 12.3r7	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	13.1 thats all 13.1r4-s2	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	13.2 thats all 13.2r5	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	13.3 thats all 13.3r2-s2	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	14.1 thats all 14.1r1	Trust: 0.8
vendor:	juniper	model:	junos 14.1r1	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 13.3r2-s2	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 13.2r5	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 13.1r4-s2	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.3r7	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.2r8-s2	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x47-d10	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x46-d20	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x45-d30	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x44-d35	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1r11	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 11.4r12	scope:	ne	version:	-	Trust: 0.3

sources: BID: 68541 // JVNDB: JVNDB-2014-003344 // CNNVD: CNNVD-201407-282 // NVD: CVE-2014-3816

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-3816
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-3816
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201407-282
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-71756
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-3816
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-71756
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-71756 // JVNDB: JVNDB-2014-003344 // CNNVD: CNNVD-201407-282 // NVD: CVE-2014-3816

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-71756 // JVNDB: JVNDB-2014-003344 // NVD: CVE-2014-3816

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201407-282

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201407-282

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-003344

PATCH

title:

JSA10634

url:

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10634

Trust: 0.8

sources: JVNDB: JVNDB-2014-003344

EXTERNAL IDS

db:	NVD	id:	CVE-2014-3816	Trust: 2.8
db:	JUNIPER	id:	JSA10634	Trust: 2.0
db:	SECTRACK	id:	1030559	Trust: 1.1
db:	JVNDB	id:	JVNDB-2014-003344	Trust: 0.8
db:	CNNVD	id:	CNNVD-201407-282	Trust: 0.7
db:	BID	id:	68541	Trust: 0.4
db:	VULHUB	id:	VHN-71756	Trust: 0.1

sources: VULHUB: VHN-71756 // BID: 68541 // JVNDB: JVNDB-2014-003344 // CNNVD: CNNVD-201407-282 // NVD: CVE-2014-3816

REFERENCES

url:	https://kb.juniper.net/infocenter/index?page=content&id=jsa10634	Trust: 1.9
url:	http://www.securitytracker.com/id/1030559	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3816	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3816	Trust: 0.8
url:	http://www.juniper.net	Trust: 0.3
url:	https://kb.juniper.net/infocenter/index?page=content&id=jsa10634	Trust: 0.1

sources: VULHUB: VHN-71756 // BID: 68541 // JVNDB: JVNDB-2014-003344 // CNNVD: CNNVD-201407-282 // NVD: CVE-2014-3816

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 68541

SOURCES

db:	VULHUB	id:	VHN-71756
db:	BID	id:	68541
db:	JVNDB	id:	JVNDB-2014-003344
db:	CNNVD	id:	CNNVD-201407-282
db:	NVD	id:	CVE-2014-3816

LAST UPDATE DATE

2025-04-13T23:39:45.655000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-71756	date:	2014-07-18T00:00:00
db:	BID	id:	68541	date:	2014-07-09T00:00:00
db:	JVNDB	id:	JVNDB-2014-003344	date:	2014-07-15T00:00:00
db:	CNNVD	id:	CNNVD-201407-282	date:	2014-07-14T00:00:00
db:	NVD	id:	CVE-2014-3816	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-71756	date:	2014-07-11T00:00:00
db:	BID	id:	68541	date:	2014-07-09T00:00:00
db:	JVNDB	id:	JVNDB-2014-003344	date:	2014-07-15T00:00:00
db:	CNNVD	id:	CNNVD-201407-282	date:	2014-07-14T00:00:00
db:	NVD	id:	CVE-2014-3816	date:	2014-07-11T20:55:02.530