← Back

CVE-2014-6384

nvd nist
Published: Jan 16, 2015Modified: May 6, 2026

JSON object

Loading...
6.9
Vector
AV:L/AC:M/Au:N/C:C/I:C/A:C
Exploitability: 3.4 / Impact: 10.0
Source: NVD

Description

Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D25, 12.1X47 before 12.1X47-D15, 12.3 before 12.3R9, 13.1 before 13.1R4-S3, 13.2 before 13.2R6, 13.3 before 13.3R5, 14.1 before 14.1R3, and 14.2 before 14.2R1 does not properly handle double quotes in authorization attributes in the TACACS+ configuration, which allows local users to bypass the security policy and execute commands via unspecified vectors.

Affected (43)

Products: Juniper: Junos
Juniper
1 product
Junos
Configuration A
43 vulnerable
Vulnerable SoftwareAffected Versions
Juniper
Junos
Version 12.1x44
Junos
Version 12.1x44 d10
Junos
Version 12.1x44 d15
Junos
Version 12.1x44 d20
Junos
Version 12.1x44 d25
Junos
Version 12.1x44 d30
Junos
Version 12.1x44 d35
Junos
Version 12.1x44 d40
Junos
Version 12.1x46
Junos
Version 12.1x46 d10
Junos
Version 12.1x46 d15
Junos
Version 12.1x46 d20
Junos
Version 12.1x47
Junos
Version 12.1x47 d10
Junos
Version 12.3
Junos
Version 12.3 r1
Junos
Version 12.3 r2
Junos
Version 12.3 r3
Junos
Version 12.3 r4
Junos
Version 12.3 r5
Junos
Version 12.3 r6
Junos
Version 12.3 r7
Junos
Version 12.3 r8
Junos
Version 13.1
Junos
Version 13.1 r1
Junos
Version 13.1 r2
Junos
Version 13.1 r3
Junos
Version 13.1 r4
Junos
Version 13.2
Junos
Version 13.2 r1
Junos
Version 13.2 r2
Junos
Version 13.2 r3
Junos
Version 13.2 r4
Junos
Version 13.2 r5
Junos
Version 13.3
Junos
Version 13.3 r1
Junos
Version 13.3 r2
Junos
Version 13.3 r3
Junos
Version 13.3 r4
Junos
Version 14.1
Junos
Version 14.1 r1
Junos
Version 14.1 r2
Junos
Version 14.2

Related CWEs

CWE-264
CWE-264

References (6)

Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.