Sign-up

ID

VAR-201609-0027


CVE

CVE-2016-1279


TITLE

Juniper Junos OS of J-Web Vulnerability in which important information is obtained

Trust: 0.8

sources: JVNDB: JVNDB-2016-004595

DESCRIPTION

J-Web in Juniper Junos OS before 12.1X46-D45, 12.1X46-D50, 12.1X47 before 12.1X47-D35, 12.3 before 12.3R12, 12.3X48 before 12.3X48-D25, 13.3 before 13.3R10, 13.3R9 before 13.3R9-S1, 14.1 before 14.1R7, 14.1X53 before 14.1X53-D35, 14.2 before 14.2R6, 15.1 before 15.1A2 or 15.1F4, 15.1X49 before 15.1X49-D30, and 15.1R before 15.1R3 might allow remote attackers to obtain sensitive information and consequently gain administrative privileges via unspecified vectors. Juniper Junos is prone to a remote privilege-escalation vulnerability. An attacker can exploit this vulnerability to gain administrative privileges. Juniper Junos OS is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware systems. The operating system provides a secure programming interface and Junos SDK. J-Web is one of the network management tools. The following versions are affected: Juniper Junos OS prior to 12.1X46-D45, 12.1X46-D50, 12.1X47 prior to 12.1X47-D35, 12.3 prior to 12.3R12, 12.3X48 prior to 12.3X48-D25, 13.3 13.3 before R10, 13.3R9 before 13.3R9-S1, 14.1 before 14.1R7, 14.1X53 before 14.1X53-D35, 14.2 before 14.2R6, 15.1 before 15.1A2 or 15.1F4, 15.1X49 before 15.1X49-D30, 15.1R before 15.1R3

Trust: 2.07

sources: NVD: CVE-2016-1279 // JVNDB: JVNDB-2016-004595 // BID: 91759 // VULHUB: VHN-90098 // VULMON: CVE-2016-1279

AFFECTED PRODUCTS

vendor:junipermodel:junosscope:eqversion:14.1

Trust: 1.9

vendor:junipermodel:junosscope:eqversion:12.3

Trust: 1.9

vendor:junipermodel:junosscope:eqversion:12.1x47

Trust: 1.6

vendor:junipermodel:junosscope:eqversion:13.3

Trust: 1.6

vendor:junipermodel:junosscope:eqversion:12.1x46

Trust: 1.6

vendor:junipermodel:junosscope:eqversion:15.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:14.2

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:15.1x49

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:12.3x48

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:14.1x53

Trust: 1.0

vendor:junipermodel:junosscope:lteversion:12.1x46

Trust: 1.0

vendor:junipermodel:junos osscope:eqversion:12.3r12

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:13.3r9

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:12.3x48

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:13.3r9-s1

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:12.3

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:14.2

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:13.3

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:14.1x53

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:14.1

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:13.3r10

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:12.1x46-d50

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:12.1x47-d35

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:14.2r6

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:15.1a2 or 15.1f4

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:15.1x49-d30

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:12.1x47

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:15.1x49

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:14.1x53-d35

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:15.1r

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:14.1r7

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:12.3x48-d25

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:15.1

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:15.1r3

Trust: 0.8

vendor:junipermodel:junos 15.1x49-d20scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d15scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d10scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1r2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1f3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1f2-s2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1f2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1f1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.2r5scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.2r4-s1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.2r4scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.2r3-s4scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.2r3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.2r2.8scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.2r2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.2r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos r2scope:eqversion:14.2

Trust: 0.3

vendor:junipermodel:junos r1scope:eqversion:14.2

Trust: 0.3

vendor:junipermodel:junos rscope:eqversion:14.2

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d30.3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d30scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d28scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d26scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d25scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d20scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d18scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d16scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d12scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d10scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1r6-s1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1r6scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1r5scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1r4-s7scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1r4scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1r3-s9scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1r3-s2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1r3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1r2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos r3scope:eqversion:14.1

Trust: 0.3

vendor:junipermodel:junos r2scope:eqversion:14.1

Trust: 0.3

vendor:junipermodel:junos r1scope:eqversion:14.1

Trust: 0.3

vendor:junipermodel:junos 13.3r9scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 13.3r8scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 13.3r7-s3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 13.3r7scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 13.3r6scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 13.3r5scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 13.3r4.6scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 13.3r4scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 13.3r3-s3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 13.3r3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 13.3r2-s3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 13.3r2-s2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 13.3r2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 13.3r1.8scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 13.3r1.7scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 13.3r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d20scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d15scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d10scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3r9.4scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3r9scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3r8.7scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3r8scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3r7-s1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3r7scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3r6.6scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3r6scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3r5.7scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3r5scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3r4.6scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3r4-s3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3r4-s2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3r4scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3r3.4scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3r3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3r2-s3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3r2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3r11scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3r10.2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3r10scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3r1.8scope: - version: -

Trust: 0.3

vendor:junipermodel:junos r8scope:eqversion:12.3

Trust: 0.3

vendor:junipermodel:junos r7scope:eqversion:12.3

Trust: 0.3

vendor:junipermodel:junos r6scope:eqversion:12.3

Trust: 0.3

vendor:junipermodel:junos r5scope:eqversion:12.3

Trust: 0.3

vendor:junipermodel:junos r4scope:eqversion:12.3

Trust: 0.3

vendor:junipermodel:junos r3scope:eqversion:12.3

Trust: 0.3

vendor:junipermodel:junos r2scope:eqversion:12.3

Trust: 0.3

vendor:junipermodel:junos r1scope:eqversion:12.3

Trust: 0.3

vendor:junipermodel:junos 12.1x47-d40scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x47-d30scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x47-d25scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x47-d20scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x47-d15scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x47-d11scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x47-d10scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d50scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d40scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d36scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d35scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d30scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d26scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d25scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d20.5scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d20scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d15scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d10scope: - version: -

Trust: 0.3

vendor:junipermodel:junos d25scope:eqversion:12.1x46

Trust: 0.3

vendor:junipermodel:junos d20scope:eqversion:12.1x46

Trust: 0.3

vendor:junipermodel:junos d15scope:eqversion:12.1x46

Trust: 0.3

vendor:junipermodel:junos -d10scope:eqversion:12.1x46

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d30scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 15.1r3scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 15.1f4scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 15.1a2scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 14.2r6scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d35scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 14.1r7scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 13.3r9-s1scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 13.3r10scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d25scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 12.3r12scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 12.1x47-d35scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d51scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d46scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d45scope:neversion: -

Trust: 0.3

sources: BID: 91759 // JVNDB: JVNDB-2016-004595 // CNNVD: CNNVD-201607-419 // NVD: CVE-2016-1279

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-1279
value: CRITICAL

Trust: 1.0

NVD: CVE-2016-1279
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201607-419
value: CRITICAL

Trust: 0.6

VULHUB: VHN-90098
value: HIGH

Trust: 0.1

VULMON: CVE-2016-1279
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-1279
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-90098
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-1279
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-90098 // VULMON: CVE-2016-1279 // JVNDB: JVNDB-2016-004595 // CNNVD: CNNVD-201607-419 // NVD: CVE-2016-1279

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-90098 // JVNDB: JVNDB-2016-004595 // NVD: CVE-2016-1279

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201607-419

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201607-419

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-004595

PATCH
title:JSA10754url:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10754
Trust: 0.8
title:Juniper Junos Remedial measures for remote privilege escalationurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=62962
Trust: 0.6
title: - url:https://www.theregister.co.uk/2016/07/14/junipers_bug_hunters_fire_out_eight_patches/
Trust: 0.2
title: - url:https://threatpost.com/juniper-crypto-bug-lets-attackers-eavesdrop-on-router-switch-traffic/119319/
Trust: 0.1
sources:
            
            
            VULMON: CVE-2016-1279 // 
            
            
            
            JVNDB: JVNDB-2016-004595 // 
            
            
            
            CNNVD: CNNVD-201607-419

EXTERNAL IDS
db:NVDid:CVE-2016-1279
Trust: 2.9
db:BIDid:91759
Trust: 2.1
db:JUNIPERid:JSA10754
Trust: 2.1
db:SECTRACKid:1036302
Trust: 1.2
db:JVNDBid:JVNDB-2016-004595
Trust: 0.8
db:CNNVDid:CNNVD-201607-419
Trust: 0.7
db:VULHUBid:VHN-90098
Trust: 0.1
db:VULMONid:CVE-2016-1279
Trust: 0.1
sources:
            
            
            VULHUB: VHN-90098 // 
            
            
            
            VULMON: CVE-2016-1279 // 
            
            
            
            BID: 91759 // 
            
            
            
            JVNDB: JVNDB-2016-004595 // 
            
            
            
            CNNVD: CNNVD-201607-419 // 
            
            
            
            NVD: CVE-2016-1279

REFERENCES
url:http://www.securityfocus.com/bid/91759
Trust: 1.8
url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10754
Trust: 1.7
url:http://www.securitytracker.com/id/1036302
Trust: 1.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1279
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1279
Trust: 0.8
url:http://www.juniper.net/
Trust: 0.3
url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10754&cat=sirt_1&actp=list
Trust: 0.3
url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10754
Trust: 0.1
url:https://cwe.mitre.org/data/definitions/287.html
Trust: 0.1
url:https://cwe.mitre.org/data/definitions/200.html
Trust: 0.1
url:http://tools.cisco.com/security/center/viewalert.x?alertid=47142
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://threatpost.com/juniper-crypto-bug-lets-attackers-eavesdrop-on-router-switch-traffic/119319/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-90098 // 
            
            
            
            VULMON: CVE-2016-1279 // 
            
            
            
            BID: 91759 // 
            
            
            
            JVNDB: JVNDB-2016-004595 // 
            
            
            
            CNNVD: CNNVD-201607-419 // 
            
            
            
            NVD: CVE-2016-1279

CREDITS
Kyle Lovett and Dor Tumarkin.
Trust: 0.9
sources:
            
            
            BID: 91759 // 
            
            
            
            CNNVD: CNNVD-201607-419

SOURCES
db:VULHUBid:VHN-90098
db:VULMONid:CVE-2016-1279
db:BIDid:91759
db:JVNDBid:JVNDB-2016-004595
db:CNNVDid:CNNVD-201607-419
db:NVDid:CVE-2016-1279

LAST UPDATE DATE
2025-04-13T23:02:45.068000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-90098date:2017-09-01T00:00:00
db:VULMONid:CVE-2016-1279date:2017-09-01T00:00:00
db:BIDid:91759date:2016-07-13T00:00:00
db:JVNDBid:JVNDB-2016-004595date:2016-09-12T00:00:00
db:CNNVDid:CNNVD-201607-419date:2016-09-12T00:00:00
db:NVDid:CVE-2016-1279date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-90098date:2016-09-09T00:00:00
db:VULMONid:CVE-2016-1279date:2016-09-09T00:00:00
db:BIDid:91759date:2016-07-13T00:00:00
db:JVNDBid:JVNDB-2016-004595date:2016-09-12T00:00:00
db:CNNVDid:CNNVD-201607-419date:2016-07-15T00:00:00
db:NVDid:CVE-2016-1279date:2016-09-09T14:05:05.017