Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2016-4924

Summary
Assigner-juniper
Assigner Org ID-8cbe9d5a-a066-4c94-8978-4b15efeae968
Published At-13 Oct, 2017 | 17:00
Updated At-16 Sep, 2024 | 22:25
Rejected At-
Credits

vMX: Information leak vulnerability

An incorrect permissions vulnerability in Juniper Networks Junos OS on vMX may allow local unprivileged users on a host system read access to vMX or vPFE images and obtain sensitive information contained in them such as private cryptographic keys. This issue was found during internal product security testing. Juniper SIRT is not aware of any malicious exploitation of this vulnerability. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS 15.1 prior to 15.1F5; 14.1 prior to 14.1R8

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:juniper
Assigner Org ID:8cbe9d5a-a066-4c94-8978-4b15efeae968
Published At:13 Oct, 2017 | 17:00
Updated At:16 Sep, 2024 | 22:25
Rejected At:
▼CVE Numbering Authority (CNA)
vMX: Information leak vulnerability

An incorrect permissions vulnerability in Juniper Networks Junos OS on vMX may allow local unprivileged users on a host system read access to vMX or vPFE images and obtain sensitive information contained in them such as private cryptographic keys. This issue was found during internal product security testing. Juniper SIRT is not aware of any malicious exploitation of this vulnerability. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS 15.1 prior to 15.1F5; 14.1 prior to 14.1R8

Affected Products
Vendor
Juniper Networks, Inc.Juniper Networks
Product
Junos OS
Platforms
  • vMX
Versions
Affected
  • 15.1 prior to 15.1F5
  • 14.1 prior to 14.1R8
Problem Types
TypeCWE IDDescription
textN/AInformation leak vulnerability
Type: text
CWE ID: N/A
Description: Information leak vulnerability
Metrics
VersionBase scoreBase severityVector
3.08.4HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
Version: 3.0
Base score: 8.4
Base severity: HIGH
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds

Limit access to only trusted users on the host machine where vMX is deployed.

Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/93531
vdb-entry
x_refsource_BID
https://kb.juniper.net/JSA10766
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/93531
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://kb.juniper.net/JSA10766
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/93531
vdb-entry
x_refsource_BID
x_transferred
https://kb.juniper.net/JSA10766
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/93531
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://kb.juniper.net/JSA10766
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:sirt@juniper.net
Published At:13 Oct, 2017 | 17:29
Updated At:20 Apr, 2025 | 01:37

An incorrect permissions vulnerability in Juniper Networks Junos OS on vMX may allow local unprivileged users on a host system read access to vMX or vPFE images and obtain sensitive information contained in them such as private cryptographic keys. This issue was found during internal product security testing. Juniper SIRT is not aware of any malicious exploitation of this vulnerability. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS 15.1 prior to 15.1F5; 14.1 prior to 14.1R8

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.08.4HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
Primary3.05.5MEDIUM
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary2.01.7LOW
AV:L/AC:L/Au:S/C:P/I:N/A:N
Type: Secondary
Version: 3.0
Base score: 8.4
Base severity: HIGH
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
Type: Primary
Version: 3.0
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 2.0
Base score: 1.7
Base severity: LOW
Vector:
AV:L/AC:L/Au:S/C:P/I:N/A:N
CPE Matches
Juniper Networks, Inc.
juniper
>>junos>>15.1
cpe:2.3:o:juniper:junos:15.1:f1:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>15.1
cpe:2.3:o:juniper:junos:15.1:f2:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>15.1
cpe:2.3:o:juniper:junos:15.1:f2-s1:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>15.1
cpe:2.3:o:juniper:junos:15.1:f2-s2:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>15.1
cpe:2.3:o:juniper:junos:15.1:f2-s3:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>15.1
cpe:2.3:o:juniper:junos:15.1:f2-s4:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>15.1
cpe:2.3:o:juniper:junos:15.1:f3:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>15.1
cpe:2.3:o:juniper:junos:15.1:f4:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>14.1
cpe:2.3:o:juniper:junos:14.1:*:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>14.1
cpe:2.3:o:juniper:junos:14.1:r1:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>14.1
cpe:2.3:o:juniper:junos:14.1:r2:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>14.1
cpe:2.3:o:juniper:junos:14.1:r3:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>14.1
cpe:2.3:o:juniper:junos:14.1:r4:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>14.1
cpe:2.3:o:juniper:junos:14.1:r5:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>14.1
cpe:2.3:o:juniper:junos:14.1:r6:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>14.1
cpe:2.3:o:juniper:junos:14.1:r7:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-275Primarynvd@nist.gov
CWE ID: CWE-275
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.securityfocus.com/bid/93531sirt@juniper.net
Third Party Advisory
VDB Entry
https://kb.juniper.net/JSA10766sirt@juniper.net
Vendor Advisory
http://www.securityfocus.com/bid/93531af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
https://kb.juniper.net/JSA10766af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/93531
Source: sirt@juniper.net
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://kb.juniper.net/JSA10766
Source: sirt@juniper.net
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/93531
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://kb.juniper.net/JSA10766
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

2Records found
CVE-2019-0021
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-7.1||HIGH
EPSS-0.05% / 16.40%
||
7 Day CHG~0.00%
Published-15 Jan, 2019 | 21:00
Updated-16 Sep, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Juniper ATP: secret CLI inputs are logged to /var/log/syslog in clear text

On Juniper ATP, secret passphrase CLI inputs, such as "set mcm", are logged to /var/log/syslog in clear text, allowing authenticated local user to be able to view these secret information. This issue affects Juniper ATP 5.0 versions prior to 5.0.4.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-atp700atp400advanced_threat_preventionJuniper ATP
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2017-2328
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 15.79%
||
7 Day CHG~0.00%
Published-24 Apr, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information leak vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unprivileged, authenticated, user to elevate their permissions through reading unprivileged information stored in the NorthStar controller.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-northstar_controllerNorthStar Controller Application
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Details not found