FKIE_CVE-2014-6379

Vulnerability from fkie_nvd - Published: 2014-10-14 14:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
Juniper Junos 11.4 before R12, 12.1 before R10, 12.1X44 before D35, 12.1X45 before D25, 12.1X46 before D20, 12.1X47 before D10, 12.2 before R8, 12.2X50 before D70, 12.3 before R6, 13.1 before R4-S3, 13.1X49 before D55, 13.1X50 before D30, 13.2 before R4, 13.2X50 before D20, 13.2X51 before D26 and D30, 13.2X52 before D15, 13.3 before R2, and 14.1 before R1, when a RADIUS accounting server is configured as [system accounting destination radius], creates an entry in /var/etc/pam_radius.conf, which might allow remote attackers to bypass authentication via unspecified vectors.
References
cve@mitre.orghttp://www.securityfocus.com/bid/70365
cve@mitre.orghttp://www.securitytracker.com/id/1031010
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/96905
cve@mitre.orghttps://kb.juniper.net/InfoCenter/index?page=content&id=JSA10654Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/70365
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1031010
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/96905
af854a3a-2127-422b-91ae-364da2661108https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10654Vendor Advisory
Impacted products
Vendor Product Version
juniper junos 11.4
juniper junos 12.1
juniper junos 12.1r
juniper junos 12.1x44
juniper junos 12.1x45
juniper junos 12.1x46
juniper junos 12.1x47
juniper junos 12.2
juniper junos 12.2x50
juniper junos 12.3
juniper junos 12.3
juniper junos 13.1
juniper junos 13.1
juniper junos 13.1x49
juniper junos 13.1x50
juniper junos 13.2
juniper junos 13.2x50
juniper junos 13.2x51
juniper junos 13.2x52
juniper junos 13.3
juniper junos 14.1
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:juniper:junos:11.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "41543223-0FA9-4CBE-8DEC-717CE5FFED79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B40B8FD6-A597-4845-8E8E-63EFDF606006",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1r:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECE31A7E-657C-49FC-B3F8-5654B0C6087E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x44:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B307477-C5F2-4D98-AF4C-640D326164C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x45:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E747970-4C27-4B46-9163-964252CB98F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x46:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFB89F64-16BB-4A14-9084-B338668D7FF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x47:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BB3DE56-1B04-4A53-B4A4-93286FC98463",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FB9541A-2570-459A-87D6-5341C67B8EC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.2x50:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0684A88-6BBE-4F7E-A79A-AF8244241E8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E014A0D-0054-4EBA-BA1F-035B74BD822F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.3:r7:*:*:*:*:*:*",
              "matchCriteriaId": "3C240840-A6BC-4E3D-A60D-22F08E67E2B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "71FB12AC-DB5A-444A-81E0-C0DDD06810EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:13.1:r4-s2:*:*:*:*:*:*",
              "matchCriteriaId": "08BC545E-EBE1-45EB-9D1E-9CAEF52E7C6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:13.1x49:*:*:*:*:*:*:*",
              "matchCriteriaId": "C71D3BA8-DA7D-46EF-8E2C-63DD630B7A48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:13.1x50:*:*:*:*:*:*:*",
              "matchCriteriaId": "016DCFD8-9E72-4857-AE98-42F7BB581903",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAB7D840-9469-4CE2-8DBF-017A44741374",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:13.2x50:*:*:*:*:*:*:*",
              "matchCriteriaId": "14ED6898-86EC-484F-9ACB-0485B0DECDC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:13.2x51:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B73BE56-F298-4EC5-88A3-D9808B89B63B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:13.2x52:*:*:*:*:*:*:*",
              "matchCriteriaId": "E69CA1E9-4416-4DEC-BF97-C22C615385BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:13.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4AF5DAA-62F5-491F-A9CE-098970671D43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6237291A-B861-4D53-B7AA-C53A44B76896",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Juniper Junos 11.4 before R12, 12.1 before R10, 12.1X44 before D35, 12.1X45 before D25, 12.1X46 before D20, 12.1X47 before D10, 12.2 before R8, 12.2X50 before D70, 12.3 before R6, 13.1 before R4-S3, 13.1X49 before D55, 13.1X50 before D30, 13.2 before R4, 13.2X50 before D20, 13.2X51 before D26 and D30, 13.2X52 before D15, 13.3 before R2, and 14.1 before R1, when a RADIUS accounting server is configured as [system accounting destination radius], creates an entry in /var/etc/pam_radius.conf, which might allow remote attackers to bypass authentication via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Juniper Junos 11.4 anterior a R12, 12.1 anterior a R10, 12.1X44 anterior a D35, 12.1X45 anterior a D25, 12.1X46 anterior a D20, 12.1X47 anterior a D10, 12.2 anterior a R8, 12.2X50 anterior a D70, 12.3 anterior a R6, 13.1 anterior a R4-S3, 13.1X49 anterior a D55, 13.1X50 anterior a D30, 13.2 anterior a R4, 13.2X50 anterior a D20, 13.2X51 anterior a D26 y D30, 13.2X52 anterior a D15, 13.3 anterior a R2, y 14.1 anterior a R1, cunado un servidor de contabilidad RADIUS est\u00e1 configurado como [system accounting destination radius], crea una entrada en /var/etc/pam_radius.conf, lo que podr\u00eda permitir a atacantes remotos evadir la autenticaci\u00f3n a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2014-6379",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-10-14T14:55:06.413",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/70365"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1031010"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96905"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10654"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/70365"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1031010"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96905"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10654"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.