Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2015-7751

Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R7, 13.2X51 before 13.2X51-D35, 13.3 before 13.3R6, 14.1 before 14.1R5, 14.1X50 before 14.1X50-D105, 14.1X51 before 14.1X51-D70, 14.1X53 before 14.1X53-D25, 14.1X55 before 14.1X55-D20, 14.2 before 14.2R1, 15.1 before 15.1F2 or 15.1R1, and 15.1X49 before 15.1X49-D10 does not require a password for the root user when pam.conf is "corrupted," which allows local users to gain root privileges by modifying the file.

Published

2015-10-19T18:59:04.457

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 6.9 (MEDIUM)

CVSSv2 Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.4

Impact Score

10.0

Weaknesses

Type: Primary
CWE-264

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	juniper	junos	≤ 12.1x44	Yes
Operating System	juniper	junos	12.1x46	Yes
Operating System	juniper	junos	12.1x46	Yes
Operating System	juniper	junos	12.1x46	Yes
Operating System	juniper	junos	12.1x46	Yes
Operating System	juniper	junos	12.1x46	Yes
Operating System	juniper	junos	12.1x46	Yes
Operating System	juniper	junos	12.1x47	Yes
Operating System	juniper	junos	12.1x47	Yes
Operating System	juniper	junos	12.1x47	Yes
Operating System	juniper	junos	12.1x47	Yes
Operating System	juniper	junos	12.3	Yes
Operating System	juniper	junos	12.3	Yes
Operating System	juniper	junos	12.3	Yes
Operating System	juniper	junos	12.3	Yes
Operating System	juniper	junos	12.3	Yes
Operating System	juniper	junos	12.3	Yes
Operating System	juniper	junos	12.3	Yes
Operating System	juniper	junos	12.3	Yes
Operating System	juniper	junos	12.3	Yes
Operating System	juniper	junos	12.3x48	Yes
Operating System	juniper	junos	12.3x48	Yes
Operating System	juniper	junos	12.3x48	Yes
Operating System	juniper	junos	13.2	Yes
Operating System	juniper	junos	13.2	Yes
Operating System	juniper	junos	13.2	Yes
Operating System	juniper	junos	13.2	Yes
Operating System	juniper	junos	13.2	Yes
Operating System	juniper	junos	13.2	Yes
Operating System	juniper	junos	13.2	Yes
Operating System	juniper	junos	13.2x51	Yes
Operating System	juniper	junos	13.2x51	Yes
Operating System	juniper	junos	13.2x51	Yes
Operating System	juniper	junos	13.2x51	Yes
Operating System	juniper	junos	13.2x51	Yes
Operating System	juniper	junos	13.3	Yes
Operating System	juniper	junos	13.3	Yes
Operating System	juniper	junos	13.3	Yes
Operating System	juniper	junos	13.3	Yes
Operating System	juniper	junos	13.3	Yes
Operating System	juniper	junos	13.3	Yes
Operating System	juniper	junos	14.1	Yes
Operating System	juniper	junos	14.1	Yes
Operating System	juniper	junos	14.1	Yes
Operating System	juniper	junos	14.1	Yes
Operating System	juniper	junos	14.1	Yes
Operating System	juniper	junos	14.1x50	Yes
Operating System	juniper	junos	14.1x51	Yes
Operating System	juniper	junos	14.1x53	Yes
Operating System	juniper	junos	14.1x55	Yes
Operating System	juniper	junos	14.2	Yes
Operating System	juniper	junos	15.1	Yes
Operating System	juniper	junos	15.1	Yes
Operating System	juniper	junos	15.1x49	Yes

References

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10707 Vendor Advisory ([email protected])
http://www.securitytracker.com/id/1033817 ([email protected])
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10707 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1033817 (af854a3a-2127-422b-91ae-364da2661108)