ID

VAR-201710-0043


CVE

CVE-2016-4924


TITLE

Juniper Networks Junos OS Permissions vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-008842

DESCRIPTION

An incorrect permissions vulnerability in Juniper Networks Junos OS on vMX may allow local unprivileged users on a host system to gain read access to vMX or vPFE images and obtain sensitive information contained in them, such as private cryptographic keys. This issue was found during internal product security testing. Juniper SIRT is not aware of any malicious exploitation of this vulnerability. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS 15.1 prior to 15.1F5; 14.1 prior to 14.1R8. Attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions. Junos OS is the operating system that runs on it

Trust: 1.98

sources: NVD: CVE-2016-4924 // JVNDB: JVNDB-2016-008842 // BID: 93531 // VULHUB: VHN-93743

AFFECTED PRODUCTS

vendor: juniper, model: junos, scope: eq, version: 15.1

Trust: 1.6

vendor: juniper, model: junos, scope: eq, version: 14.1

Trust: 1.6

vendor: juniper, model: junos os, scope: lt, version: 14.1

Trust: 0.8

vendor: juniper, model: junos os, scope: eq, version: 15.1f5

Trust: 0.8

vendor: juniper, model: junos os, scope: eq, version: 14.1r8

Trust: 0.8

vendor: juniper, model: junos os, scope: lt, version: 15.1

Trust: 0.8

vendor: juniper, model: vmx, scope: eq, version: -

Trust: 0.3

vendor: juniper, model: vmx, scope: ne, version: 16.1

Trust: 0.3

vendor: juniper, model: vmx 15.1f6, scope: ne, version: -

Trust: 0.3

vendor: juniper, model: vmx 14.1r8, scope: ne, version: -

Trust: 0.3

sources: BID: 93531 // JVNDB: JVNDB-2016-008842 // CNNVD: CNNVD-201710-522 // NVD: CVE-2016-4924

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-4924
value: MEDIUM

Trust: 1.0

sirt@juniper.net: CVE-2016-4924
value: HIGH

Trust: 1.0

NVD: CVE-2016-4924
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201710-522
value: MEDIUM

Trust: 0.6

VULHUB: VHN-93743
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2016-4924
severity: LOW
baseScore: 1.7
vectorString: AV:L/AC:L/AU:S/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.1
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-93743
severity: LOW
baseScore: 1.7
vectorString: AV:L/AC:L/AU:S/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.1
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-4924
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sirt@juniper.net: CVE-2016-4924
baseSeverity: HIGH
baseScore: 8.4
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.0
impactScore: 5.8
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-93743 // JVNDB: JVNDB-2016-008842 // CNNVD: CNNVD-201710-522 // NVD: CVE-2016-4924 // NVD: CVE-2016-4924

PROBLEMTYPE DATA

problemtype:CWE-275

Trust: 1.9

sources: VULHUB: VHN-93743 // JVNDB: JVNDB-2016-008842 // NVD: CVE-2016-4924

THREAT TYPE

local

Trust: 0.9

sources: BID: 93531 // CNNVD: CNNVD-201710-522

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201710-522

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-008842

PATCH

title: JSA10766, url: https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10766&actp=METADATA

Trust: 0.8

title: Juniper vMX Junos OS Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75558

Trust: 0.6

sources: JVNDB: JVNDB-2016-008842 // CNNVD: CNNVD-201710-522

EXTERNAL IDS

db: NVD, id: CVE-2016-4924

Trust: 2.8

db: JUNIPER, id: JSA10766

Trust: 2.0

db: BID, id: 93531

Trust: 2.0

db: JVNDB, id: JVNDB-2016-008842

Trust: 0.8

db: CNNVD, id: CNNVD-201710-522

Trust: 0.7

db: VULHUB, id: VHN-93743

Trust: 0.1

sources: VULHUB: VHN-93743 // BID: 93531 // JVNDB: JVNDB-2016-008842 // CNNVD: CNNVD-201710-522 // NVD: CVE-2016-4924

REFERENCES

url: http://www.securityfocus.com/bid/93531

Trust: 1.7

url: https://kb.juniper.net/jsa10766

Trust: 1.7

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4924

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2016-4924

Trust: 0.8

url: http://www.juniper.net/

Trust: 0.3

url: https://kb.juniper.net/infocenter/index?page=content&id=jsa10766&cat=sirt_1&actp=list

Trust: 0.3

sources: VULHUB: VHN-93743 // BID: 93531 // JVNDB: JVNDB-2016-008842 // CNNVD: CNNVD-201710-522 // NVD: CVE-2016-4924

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 93531

SOURCES

db: VULHUB, id: VHN-93743
db: BID, id: 93531
db: JVNDB, id: JVNDB-2016-008842
db: CNNVD, id: CNNVD-201710-522
db: NVD, id: CVE-2016-4924

LAST UPDATE DATE

2024-11-23T23:05:18.791000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-93743, date: 2019-10-09T00:00:00
db: BID, id: 93531, date: 2016-10-26T04:08:00
db: JVNDB, id: JVNDB-2016-008842, date: 2017-11-09T00:00:00
db: CNNVD, id: CNNVD-201710-522, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2016-4924, date: 2024-11-21T02:53:14.790

SOURCES RELEASE DATE

db: VULHUB, id: VHN-93743, date: 2017-10-13T00:00:00
db: BID, id: 93531, date: 2016-10-12T00:00:00
db: JVNDB, id: JVNDB-2016-008842, date: 2017-11-09T00:00:00
db: CNNVD, id: CNNVD-201710-522, date: 2017-10-18T00:00:00
db: NVD, id: CVE-2016-4924, date: 2017-10-13T17:29:00.393