CVE-2014-6448

Published: Jan 15, 2020Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Juniper Junos OS 13.2 before 13.2R5, 13.2X51, 13.2X52, and 13.3 before 13.3R3 allow local users to bypass intended restrictions and execute arbitrary Python code via vectors involving shell access.

Affected (10)

Products: Juniper: Junos

Juniper

1 product

Junos

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Juniper Junos	Version 13.2
Juniper Junos	Version 13.2 r1
Juniper Junos	Version 13.2 r2
Juniper Junos	Version 13.2 r3
Juniper Junos	Version 13.2 r4
Juniper Junos	Version 13.2x51
Juniper Junos	Version 13.2x52
Juniper Junos	Version 13.3
Juniper Junos	Version 13.3 r1
Juniper Junos	Version 13.3 r2

Related CWEs

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10695

Source: cve@mitre.org

Vendor Advisory

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10695

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.