ID

VAR-202001-1293


CVE

CVE-2014-6448


TITLE

Juniper Junos OS Vulnerabilities in permissions management

Trust: 0.8

sources: JVNDB: JVNDB-2014-008815

DESCRIPTION

Juniper Junos OS 13.2 before 13.2R5, 13.2X51, 13.2X52, and 13.3 before 13.3R3 allow local users to bypass intended restrictions and execute arbitrary Python code via vectors involving shell access. Juniper Junos OS Contains a privilege management vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. Juniper Networks Junos OS is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware equipment. The operating system provides a secure programming interface and Junos SDK. A security vulnerability exists in Juniper Networks Juniper Junos OS. The following products and versions are affected: Juniper Junos OS 13.2 prior to 13.2R5, 13.2X51, 13.2X52, 13.3 prior to 13.3R3

Trust: 1.71

sources: NVD: CVE-2014-6448 // JVNDB: JVNDB-2014-008815 // VULHUB: VHN-74392

AFFECTED PRODUCTS

vendor:junipermodel:junosscope:eqversion:13.2x52

Trust: 1.6

vendor:junipermodel:junosscope:eqversion:13.2

Trust: 1.6

vendor:junipermodel:junosscope:eqversion:13.3

Trust: 1.6

vendor:junipermodel:junosscope:eqversion:13.2x51

Trust: 1.6

vendor:junipermodel:junos osscope:ltversion:13.2 thats all 13.2r5

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:13.2x51

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:13.2x52

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:13.3 thats all 13.3r3

Trust: 0.8

sources: JVNDB: JVNDB-2014-008815 // CNNVD: CNNVD-202001-787 // NVD: CVE-2014-6448

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-6448
value: HIGH

Trust: 1.0

NVD: CVE-2014-6448
value: HIGH

Trust: 0.8

VULHUB: VHN-74392
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-6448
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-74392
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2014-6448
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2014-6448
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-74392 // JVNDB: JVNDB-2014-008815 // NVD: CVE-2014-6448

PROBLEMTYPE DATA

problemtype:CWE-269

Trust: 1.9

sources: VULHUB: VHN-74392 // JVNDB: JVNDB-2014-008815 // NVD: CVE-2014-6448

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202001-787

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202001-787

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-008815

PATCH

title:JSA10695url:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10695

Trust: 0.8

title:Juniper Networks Junos OS Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=107115

Trust: 0.6

sources: JVNDB: JVNDB-2014-008815 // CNNVD: CNNVD-202001-787

EXTERNAL IDS

db:NVDid:CVE-2014-6448

Trust: 2.5

db:JUNIPERid:JSA10695

Trust: 1.7

db:JVNDBid:JVNDB-2014-008815

Trust: 0.8

db:CNNVDid:CNNVD-202001-787

Trust: 0.7

db:VULHUBid:VHN-74392

Trust: 0.1

sources: VULHUB: VHN-74392 // JVNDB: JVNDB-2014-008815 // CNNVD: CNNVD-202001-787 // NVD: CVE-2014-6448

REFERENCES

url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10695

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2014-6448

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-6448

Trust: 0.8

url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10695

Trust: 0.1

sources: VULHUB: VHN-74392 // JVNDB: JVNDB-2014-008815 // CNNVD: CNNVD-202001-787 // NVD: CVE-2014-6448

SOURCES

db:VULHUBid:VHN-74392
db:JVNDBid:JVNDB-2014-008815
db:CNNVDid:CNNVD-202001-787
db:NVDid:CVE-2014-6448

LAST UPDATE DATE

2024-11-23T22:48:09.497000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-74392date:2020-01-24T00:00:00
db:JVNDBid:JVNDB-2014-008815date:2020-02-06T00:00:00
db:CNNVDid:CNNVD-202001-787date:2020-01-16T00:00:00
db:NVDid:CVE-2014-6448date:2024-11-21T02:14:24.297

SOURCES RELEASE DATE

db:VULHUBid:VHN-74392date:2020-01-15T00:00:00
db:JVNDBid:JVNDB-2014-008815date:2020-02-06T00:00:00
db:CNNVDid:CNNVD-202001-787date:2020-01-15T00:00:00
db:NVDid:CVE-2014-6448date:2020-01-15T18:15:11.540