Details of VAR-201510-0413

ID

VAR-201510-0413

CVE

CVE-2015-7751

TITLE

Juniper Junos OS In root Privileged vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-005386

DESCRIPTION

Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R7, 13.2X51 before 13.2X51-D35, 13.3 before 13.3R6, 14.1 before 14.1R5, 14.1X50 before 14.1X50-D105, 14.1X51 before 14.1X51-D70, 14.1X53 before 14.1X53-D25, 14.1X55 before 14.1X55-D20, 14.2 before 14.2R1, 15.1 before 15.1F2 or 15.1R1, and 15.1X49 before 15.1X49-D10 does not require a password for the root user when pam.conf is "corrupted," which allows local users to gain root privileges by modifying the file. Juniper Junos OS is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware systems. The operating system provides a secure programming interface and Junos SDK. The following versions are affected: Juniper Networks Junos OS prior to 12.1X44-D50, 12.1X46 prior to 12.1X46-D35, 12.1X47 prior to 12.1X47-D25, 12.3 prior to 12.3R9, 12.3X48 prior to 12.3X48-D15, 13.2 Version 13.2 before R7, Version 13.2X51 before 13.2X51-D35, Version 13.3 before 13.3R6, Version 14.1 before 14.1R5, Version 14.1X50 before 14.1X50-D105, Version 14.1X51 before 14.1X51-D70, Version 14.1 before 14.1X53-D25 X53 version, 14.1X55 version before 14.1X55-D20, 14.2 version before 14.2R1, 15.1 version before 15.1F2, 15.1X49 version before 15.1X49-D10

Trust: 1.71

sources: NVD: CVE-2015-7751 // JVNDB: JVNDB-2015-005386 // VULHUB: VHN-85712

AFFECTED PRODUCTS

vendor:	juniper	model:	junos	scope:	eq	version:	12.1x46	Trust: 1.6
vendor:	juniper	model:	junos	scope:	eq	version:	12.1x47	Trust: 1.6
vendor:	juniper	model:	junos	scope:	eq	version:	15.1	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	14.2	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	15.1x49	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	14.1x51	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	14.1x55	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	12.3	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	13.2	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	13.3	Trust: 1.0
vendor:	juniper	model:	junos	scope:	lte	version:	12.1x44	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	14.1x50	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	13.2x51	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	12.3x48	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	14.1	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	14.1x53	Trust: 1.0
vendor:	juniper	model:	junos os	scope:	eq	version:	12.1x47-d25	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	13.2x51-d35	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	13.2r7	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	12.3x48	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	13.3r6	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	14.1x55	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	12.3	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	14.2	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	13.3	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	12.3r9	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	12.3x48-d15	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	13.2	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	14.1x53	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	15.1x49-d10	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	14.1	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	14.1r5	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	14.2r1	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	12.1x46	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	14.1x51	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	12.1x47	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	15.1f2	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	15.1x49	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	12.1x46-d35	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	15.1r1	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	14.1x50-d105	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	14.1x55-d20	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	14.1x50	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	14.1x51-d70	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	13.2x51	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	15.1	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	14.1x53-d25	Trust: 0.8
vendor:	juniper	model:	junos	scope:	eq	version:	12.1x44	Trust: 0.6

sources: JVNDB: JVNDB-2015-005386 // CNNVD: CNNVD-201510-339 // NVD: CVE-2015-7751

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-7751
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-7751
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201510-339
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-85712
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-7751
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-85712
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-85712 // JVNDB: JVNDB-2015-005386 // CNNVD: CNNVD-201510-339 // NVD: CVE-2015-7751

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-85712 // JVNDB: JVNDB-2015-005386 // NVD: CVE-2015-7751

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201510-339

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201510-339

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-005386

PATCH

title:

JSA10707

url:

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10707&actp=search

Trust: 0.8

sources: JVNDB: JVNDB-2015-005386

EXTERNAL IDS

db:	NVD	id:	CVE-2015-7751	Trust: 2.5
db:	JUNIPER	id:	JSA10707	Trust: 1.7
db:	SECTRACK	id:	1033817	Trust: 1.7
db:	JVNDB	id:	JVNDB-2015-005386	Trust: 0.8
db:	CNNVD	id:	CNNVD-201510-339	Trust: 0.7
db:	VULHUB	id:	VHN-85712	Trust: 0.1

sources: VULHUB: VHN-85712 // JVNDB: JVNDB-2015-005386 // CNNVD: CNNVD-201510-339 // NVD: CVE-2015-7751

REFERENCES

url:	http://www.securitytracker.com/id/1033817	Trust: 1.7
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10707	Trust: 1.6
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7751	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7751	Trust: 0.8
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10707	Trust: 0.1

sources: VULHUB: VHN-85712 // JVNDB: JVNDB-2015-005386 // CNNVD: CNNVD-201510-339 // NVD: CVE-2015-7751

SOURCES

db:	VULHUB	id:	VHN-85712
db:	JVNDB	id:	JVNDB-2015-005386
db:	CNNVD	id:	CNNVD-201510-339
db:	NVD	id:	CVE-2015-7751

LAST UPDATE DATE

2025-04-13T23:35:06.662000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-85712	date:	2015-10-20T00:00:00
db:	JVNDB	id:	JVNDB-2015-005386	date:	2015-10-21T00:00:00
db:	CNNVD	id:	CNNVD-201510-339	date:	2015-10-20T00:00:00
db:	NVD	id:	CVE-2015-7751	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-85712	date:	2015-10-19T00:00:00
db:	JVNDB	id:	JVNDB-2015-005386	date:	2015-10-21T00:00:00
db:	CNNVD	id:	CNNVD-201510-339	date:	2015-10-20T00:00:00
db:	NVD	id:	CVE-2015-7751	date:	2015-10-19T18:59:04.457