KLA10541 Multiple vulnerabilities in Juniper Junos

Multiple serious vulnerabilities have been found in Juniper Junos. Malicious users can exploit these vulnerabilities to gainprivileges, execute arbitrary code orspoof user interface.

Below is a complete list of vulnerabilities

1. XSS vulnerability can be exploited remotely via unspecified vectors;
2. Unknown vulnerability can be exploited remotely via a specially designed header or CLI commands;
3. Lack of log-out-on-disconnect enforcement can be exploited remotely via devica access manipulations.

Original advisories

Juniper advisory

Juniper advisory

Juniper advisory

Juniper advisory

Related products

Juniper-Junos-OS

CVE list

CVE-2015-3005 warning

CVE-2015-3004 warning

CVE-2015-3002 high

CVE-2015-3003 high

Solution

Update to the latest version

Impacts

• CI

Code injection. Exploitation of vulnerabilities with this impact can lead to changes in target code.

• PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

• SUI

Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.

Affected Products

• Juniper Junos 11.4 versions earlier than 11.4R12Juniper Junos 12.1X44 versions earlier than 12.1X44-D45Juniper Junos 12.1X46 versions earlier than 12.1X46-D30Juniper Junos 12.1X47 versions earlier than 12.1X47-D20Juniper Junos 12.2 versions earlier than 12.2R9Juniper Junos 12.3 versions earlier than 12.3R9Juniper Junos 12.3X48 versions earlier than 12.3X48-D10Juniper Junos 13.2 versions earlier than 13.2R6Juniper Junos 13.2X51 versions earlier than 13.2X51-D20Juniper Junos 13.3 versions earlier than 13.3R5Juniper Junos 14.1 versions earlier than 14.1R3Juniper Junos 14.1X53 versions earlier than 14.1X53-D10Juniper Junos 14.2 versions earlier than 14.2R1