ID

VAR-201710-0041


CVE

CVE-2016-4922


TITLE

Juniper Networks Junos OS Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-008846

DESCRIPTION

Certain combinations of Junos OS CLI commands and arguments have been found to be exploitable in a way that can allow unauthorized access to the operating system. This may allow any user with permissions to run these CLI commands to achieve elevated privileges and gain complete control of the device. Affected releases are Juniper Networks Junos OS 11.4 prior to 11.4R13-S3; 12.1X46 prior to 12.1X46-D60; 12.1X47 prior to 12.1X47-D45; 12.3 prior to 12.3R12; 12.3X48 prior to 12.3X48-D35; 13.2 prior to 13.2R9; 13.3 prior to 13.3R4-S11, 13.3R9; 14.1 prior to 14.1R4-S12, 14.1R7; 14.1X53 prior to 14.1X53-D28, 14.1X53-D40; 14.1X55 prior to 14.1X55-D35; 14.2 prior to 14.2R3-S10, 14.2R4-S7, 14.2R5; 15.1 prior to 15.1F4, 15.1R3; 15.1X49 prior to 15.1X49-D60; 15.1X53 prior to 15.1X53-D57, 15.1X53-D70.

Juniper Networks Junos OS contains a command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS).

Juniper Junos is prone to multiple local privilege-escalation vulnerabilities. A local attacker can exploit these issues to gain elevated privileges.

Juniper Junos OS is a network operating system from Juniper Networks dedicated to the company's hardware systems. The operating system provides a secure programming interface and the Junos SDK. A security vulnerability exists in Juniper Junos OS. The following versions are affected: Juniper Networks Junos OS Release 11.4, Release 12.1X46, Release 12.1X47, Release 12.3, Release 12.3X48, Release 13.2, Release 13.3, Release 14.1, Release 14.1X53, Release 14.1X55, Release 14.2, Release 15.1, Release 15.1X49, Release 15.1X53.

Trust: 1.98

sources: NVD: CVE-2016-4922 // JVNDB: JVNDB-2016-008846 // BID: 93534 // VULHUB: VHN-93741

AFFECTED PRODUCTS

vendor: juniper | model: junos | scope: eq | version: 14.2 | Trust: 1.6
vendor: juniper | model: junos | scope: eq | version: 12.3x48 | Trust: 1.6
vendor: juniper | model: junos | scope: eq | version: 13.3 | Trust: 1.6
vendor: juniper | model: junos | scope: eq | version: 13.2 | Trust: 1.6
vendor: juniper | model: junos | scope: eq | version: 15.1x53 | Trust: 1.6
vendor: juniper | model: junos | scope: eq | version: 14.1 | Trust: 1.6
vendor: juniper | model: junos | scope: eq | version: 15.1x49 | Trust: 1.6
vendor: juniper | model: junos | scope: eq | version: 14.1x53 | Trust: 1.0
vendor: juniper | model: junos | scope: eq | version: 15.1 | Trust: 1.0
vendor: juniper | model: junos | scope: eq | version: 14.1x55 | Trust: 1.0
vendor: juniper | model: junos | scope: eq | version: 11.4r13 | Trust: 1.0
vendor: juniper | model: junos | scope: eq | version: 12.1x47 | Trust: 1.0
vendor: juniper | model: junos | scope: eq | version: 12.1x46 | Trust: 1.0
vendor: juniper | model: junos | scope: eq | version: 12.3 | Trust: 1.0
vendor: juniper | model: junos | scope: eq | version: 11.4 | Trust: 1.0
vendor: juniper | model: junos os | scope: eq | version: 14.1x53-d28 | Trust: 0.8
vendor: juniper | model: junos os | scope: eq | version: 12.3r12 | Trust: 0.8
vendor: juniper | model: junos os | scope: eq | version: 14.2r4-s7 | Trust: 0.8
vendor: juniper | model: junos os | scope: lt | version: 12.3x48 | Trust: 0.8
vendor: juniper | model: junos os | scope: eq | version: 11.4r13-s3 | Trust: 0.8
vendor: juniper | model: junos os | scope: eq | version: 14.1x55-d35 | Trust: 0.8
vendor: juniper | model: junos os | scope: lt | version: 14.1x55 | Trust: 0.8
vendor: juniper | model: junos os | scope: lt | version: 11.4 | Trust: 0.8
vendor: juniper | model: junos os | scope: eq | version: 13.3r4-s11 | Trust: 0.8
vendor: juniper | model: junos os | scope: eq | version: 14.2r5 | Trust: 0.8
vendor: juniper | model: junos os | scope: eq | version: 15.1r3 | Trust: 0.8
vendor: juniper | model: junos os | scope: eq | version: 15.1x53-d57 | Trust: 0.8
vendor: juniper | model: junos os | scope: lt | version: 12.3 | Trust: 0.8
vendor: juniper | model: junos os | scope: eq | version: 13.2r9 | Trust: 0.8
vendor: juniper | model: junos os | scope: eq | version: 15.1x49-d60 | Trust: 0.8
vendor: juniper | model: junos os | scope: lt | version: 14.2 | Trust: 0.8
vendor: juniper | model: junos os | scope: eq | version: 12.3x48-d35 | Trust: 0.8
vendor: juniper | model: junos os | scope: lt | version: 13.3 | Trust: 0.8
vendor: juniper | model: junos os | scope: eq | version: 14.2r3-s10 | Trust: 0.8
vendor: juniper | model: junos os | scope: lt | version: 13.2 | Trust: 0.8
vendor: juniper | model: junos os | scope: lt | version: 14.1x53 | Trust: 0.8
vendor: juniper | model: junos os | scope: eq | version: 14.1r4-s12 | Trust: 0.8
vendor: juniper | model: junos os | scope: eq | version: 15.1x53-d70 | Trust: 0.8
vendor: juniper | model: junos os | scope: lt | version: 14.1 | Trust: 0.8
vendor: juniper | model: junos os | scope: eq | version: 12.1x46-d60 | Trust: 0.8
vendor: juniper | model: junos os | scope: eq | version: 13.3r9 | Trust: 0.8
vendor: juniper | model: junos os | scope: lt | version: 12.1x46 | Trust: 0.8
vendor: juniper | model: junos os | scope: eq | version: 15.1f4 | Trust: 0.8
vendor: juniper | model: junos os | scope: eq | version: 14.1x53-d40 | Trust: 0.8
vendor: juniper | model: junos os | scope: lt | version: 12.1x47 | Trust: 0.8
vendor: juniper | model: junos os | scope: lt | version: 15.1x49 | Trust: 0.8
vendor: juniper | model: junos os | scope: lt | version: 15.1x53 | Trust: 0.8
vendor: juniper | model: junos os | scope: eq | version: 14.1r7 | Trust: 0.8
vendor: juniper | model: junos os | scope: lt | version: 15.1 | Trust: 0.8
vendor: juniper | model: junos os | scope: eq | version: 12.1x47-d45 | Trust: 0.8
vendor: juniper | model: junos | scope: eq | version: 16.1 | Trust: 0.3
vendor: juniper | model: junos 15.1x53-d60 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 15.1x53-d35 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 15.1x53-d20 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 15.1x49-d40 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 15.1x49-d30 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 15.1x49-d20 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 15.1x49-d15 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 15.1x49-d10 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 15.1r2 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 15.1r1 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 15.1f3 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 15.1f2 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 15.1f1 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 14.2r4 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 14.2r3 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 14.2r2 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 14.2r1 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 14.1x55-d25 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 14.1x55-d20 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 14.1x53-d35 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 14.1x53-d30.3 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 14.1x53-d30 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 14.1x53-d28 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 14.1x53-d26 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 14.1x53-d25 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 14.1x53-d20 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 14.1x53-d18 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 14.1x53-d16 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 14.1x53-d12 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 14.1x53-d10 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 14.1r6 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 14.1r5 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 14.1r4 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 14.1r3 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 14.1r2 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 14.1r1 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 13.3r8 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 13.3r7 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 13.3r6 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 13.3r5 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 13.3r4 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 13.3r2-s3 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 13.3r2 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 13.3r1.8 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 13.3r1.7 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 13.3r1 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 13.2r8 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 13.2r7 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 13.2r6 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 13.2r5 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 13.2r4 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 13.2r3 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 13.2r2 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 13.2r1 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 12.3x48-d30 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 12.3x48-d25 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 12.3x48-d20 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 12.3x48-d15 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 12.3x48-d10 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 12.3r9 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 12.3r8.7 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 12.3r8 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 12.3r7-s1 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 12.3r7 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 12.3r6.6 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 12.3r6 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 12.3r5.7 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 12.3r5 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 12.3r4.6 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 12.3r4-s3 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 12.3r4-s2 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 12.3r4 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 12.3r3.4 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 12.3r3 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 12.3r11 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 12.3r10.2 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 12.3r10 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 12.3r1.8 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 12.1x47-d40 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 12.1x47-d35 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 12.1x47-d30 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 12.1x47-d25 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 12.1x47-d23 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 12.1x47-d20 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 12.1x47-d15 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 12.1x47-d11 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 12.1x47-d10 | scope: - | version: - | Trust: 0.3
vendor: juniper | model: junos 16.1r1 | scope: ne | version: - | Trust: 0.3
vendor: juniper | model: junos 15.1x53-d70 | scope: ne | version: - | Trust: 0.3
vendor: juniper | model: junos 15.1x49-d60 | scope: ne | version: - | Trust: 0.3
vendor: juniper | model: junos 15.1r3 | scope: ne | version: - | Trust: 0.3
vendor: juniper | model: junos 15.1f4 | scope: ne | version: - | Trust: 0.3
vendor: juniper | model: junos 14.2r5 | scope: ne | version: - | Trust: 0.3
vendor: juniper | model: junos 14.1x55-d35 | scope: ne | version: - | Trust: 0.3
vendor: juniper | model: junos 14.1x53-d40 | scope: ne | version: - | Trust: 0.3
vendor: juniper | model: junos 14.1r7 | scope: ne | version: - | Trust: 0.3
vendor: juniper | model: junos 13.3r9 | scope: ne | version: - | Trust: 0.3
vendor: juniper | model: junos 13.2r9 | scope: ne | version: - | Trust: 0.3
vendor: juniper | model: junos 12.3x48-d35 | scope: ne | version: - | Trust: 0.3
vendor: juniper | model: junos 12.3r12 | scope: ne | version: - | Trust: 0.3
vendor: juniper | model: junos 12.1x47-d45 | scope: ne | version: - | Trust: 0.3
vendor: juniper | model: junos 12.1x46-d60 | scope: ne | version: - | Trust: 0.3

sources: BID: 93534 // JVNDB: JVNDB-2016-008846 // CNNVD: CNNVD-201710-524 // NVD: CVE-2016-4922

CVSS

SEVERITY

nvd@nist.gov: CVE-2016-4922
value: HIGH

Trust: 1.0

sirt@juniper.net: CVE-2016-4922
value: HIGH

Trust: 1.0

NVD: CVE-2016-4922
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201710-524
value: HIGH

Trust: 0.6

VULHUB: VHN-93741
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2016-4922
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-93741
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2016-4922
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sirt@juniper.net: CVE-2016-4922
baseSeverity: HIGH
baseScore: 8.4
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.5
impactScore: 5.9
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-93741 // JVNDB: JVNDB-2016-008846 // CNNVD: CNNVD-201710-524 // NVD: CVE-2016-4922 // NVD: CVE-2016-4922

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.9

sources: VULHUB: VHN-93741 // JVNDB: JVNDB-2016-008846 // NVD: CVE-2016-4922

THREAT TYPE

local

Trust: 0.9

sources: BID: 93534 // CNNVD: CNNVD-201710-524

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-201710-524

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-008846

PATCH

title: JSA10763 | url: https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10763&actp=METADATA

Trust: 0.8

title: Juniper Junos OS Security vulnerabilities | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75560

Trust: 0.6

sources: JVNDB: JVNDB-2016-008846 // CNNVD: CNNVD-201710-524

EXTERNAL IDS

db: NVD | id: CVE-2016-4922

Trust: 2.8

db: JUNIPER | id: JSA10763

Trust: 2.0

db: BID | id: 93534

Trust: 2.0

db: SECTRACK | id: 1037013

Trust: 1.7

db: JVNDB | id: JVNDB-2016-008846

Trust: 0.8

db: CNNVD | id: CNNVD-201710-524

Trust: 0.7

db: VULHUB | id: VHN-93741

Trust: 0.1

sources: VULHUB: VHN-93741 // BID: 93534 // JVNDB: JVNDB-2016-008846 // CNNVD: CNNVD-201710-524 // NVD: CVE-2016-4922

REFERENCES

url:http://www.securityfocus.com/bid/93534

Trust: 1.7

url:https://kb.juniper.net/jsa10763

Trust: 1.7

url:http://www.securitytracker.com/id/1037013

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4922

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2016-4922

Trust: 0.8

url:http://www.juniper.net/

Trust: 0.3

url:https://kb.juniper.net/infocenter/index?page=content&id=jsa10763&cat=sirt_1&actp=list

Trust: 0.3

sources: VULHUB: VHN-93741 // BID: 93534 // JVNDB: JVNDB-2016-008846 // CNNVD: CNNVD-201710-524 // NVD: CVE-2016-4922

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 93534

SOURCES

db: VULHUB | id: VHN-93741
db: BID | id: 93534
db: JVNDB | id: JVNDB-2016-008846
db: CNNVD | id: CNNVD-201710-524
db: NVD | id: CVE-2016-4922

LAST UPDATE DATE

2025-04-20T23:30:52.310000+00:00


SOURCES UPDATE DATE

db: VULHUB | id: VHN-93741 | date: 2019-10-09T00:00:00
db: BID | id: 93534 | date: 2016-10-26T09:06:00
db: JVNDB | id: JVNDB-2016-008846 | date: 2017-11-10T00:00:00
db: CNNVD | id: CNNVD-201710-524 | date: 2019-10-17T00:00:00
db: NVD | id: CVE-2016-4922 | date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: VULHUB | id: VHN-93741 | date: 2017-10-13T00:00:00
db: BID | id: 93534 | date: 2016-10-12T00:00:00
db: JVNDB | id: JVNDB-2016-008846 | date: 2017-11-10T00:00:00
db: CNNVD | id: CNNVD-201710-524 | date: 2017-10-18T00:00:00
db: NVD | id: CVE-2016-4922 | date: 2017-10-13T17:29:00.300