VAR-201608-0004
Vulnerability from variot - Updated: 2025-04-13 23:32Juniper Junos OS before 12.1X46-D50 on SRX Series devices reverts to "safe mode" authentication and allows root CLI logins without a password after a failed upgrade to 12.1X46, which might allow local users to gain privileges by leveraging use of the "request system software" command with the "partition" option. Juniper Junos is prone to a local authentication-bypass vulnerability. A local attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. Juniper Junos versions 12.1X46 prior to 12.1X46-D50 are vulnerable. Juniper Junos OS on SRX Series devices is a network operating system developed by Juniper Networks (Juniper Networks) running on SRX series service gateway devices. The operating system provides a secure programming interface and Junos SDK. A security vulnerability exists in Juniper Junos OS prior to 12.1X46-D50 on SRX Series devices
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201608-0004",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "junos",
"scope": "lte",
"trust": 1.0,
"vendor": "juniper",
"version": "12.1x46"
},
{
"model": "junos",
"scope": "eq",
"trust": 0.9,
"vendor": "juniper",
"version": "12.1x46"
},
{
"model": "junos os",
"scope": "lt",
"trust": 0.8,
"vendor": "juniper",
"version": "12.1x46-d50"
},
{
"model": "junos 12.1x46-d45",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x46-d40",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x46-d36",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x46-d35",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x46-d30",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x46-d26",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x46-d25",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x46-d20.5",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x46-d20",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x46-d15",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x46-d10",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos d25",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "12.1x46"
},
{
"model": "junos d20",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "12.1x46"
},
{
"model": "junos d15",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "12.1x46"
},
{
"model": "junos d10",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "12.1x46"
},
{
"model": "junos -d10",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "12.1x46"
},
{
"model": "junos 12.1x46-d50",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "91757"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004368"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-421"
},
{
"db": "NVD",
"id": "CVE-2016-1278"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:juniper:junos",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004368"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "91757"
}
],
"trust": 0.3
},
"cve": "CVE-2016-1278",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "CVE-2016-1278",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "VHN-90097",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2016-1278",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-1278",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-1278",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201607-421",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-90097",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2016-1278",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90097"
},
{
"db": "VULMON",
"id": "CVE-2016-1278"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004368"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-421"
},
{
"db": "NVD",
"id": "CVE-2016-1278"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Juniper Junos OS before 12.1X46-D50 on SRX Series devices reverts to \"safe mode\" authentication and allows root CLI logins without a password after a failed upgrade to 12.1X46, which might allow local users to gain privileges by leveraging use of the \"request system software\" command with the \"partition\" option. Juniper Junos is prone to a local authentication-bypass vulnerability. \nA local attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. \nJuniper Junos versions 12.1X46 prior to 12.1X46-D50 are vulnerable. Juniper Junos OS on SRX Series devices is a network operating system developed by Juniper Networks (Juniper Networks) running on SRX series service gateway devices. The operating system provides a secure programming interface and Junos SDK. A security vulnerability exists in Juniper Junos OS prior to 12.1X46-D50 on SRX Series devices",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1278"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004368"
},
{
"db": "BID",
"id": "91757"
},
{
"db": "VULHUB",
"id": "VHN-90097"
},
{
"db": "VULMON",
"id": "CVE-2016-1278"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-1278",
"trust": 2.9
},
{
"db": "BID",
"id": "91757",
"trust": 2.1
},
{
"db": "JUNIPER",
"id": "JSA10753",
"trust": 2.1
},
{
"db": "SECTRACK",
"id": "1036307",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004368",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201607-421",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-90097",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-1278",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90097"
},
{
"db": "VULMON",
"id": "CVE-2016-1278"
},
{
"db": "BID",
"id": "91757"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004368"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-421"
},
{
"db": "NVD",
"id": "CVE-2016-1278"
}
]
},
"id": "VAR-201608-0004",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-90097"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:32:38.205000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "JSA10753",
"trust": 0.8,
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10753\u0026actp=search"
},
{
"title": "Juniper Junos Local authentication bypass vulnerability fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=62964"
},
{
"title": null,
"trust": 0.2,
"url": "https://www.theregister.co.uk/2016/07/14/junipers_bug_hunters_fire_out_eight_patches/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-1278"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004368"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-421"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90097"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004368"
},
{
"db": "NVD",
"id": "CVE-2016-1278"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/91757"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1036307"
},
{
"trust": 1.7,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10753"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1278"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1278"
},
{
"trust": 0.3,
"url": "http://www.juniper.net/"
},
{
"trust": 0.3,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10753\u0026cat=sirt_1\u0026actp=list"
},
{
"trust": 0.1,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10753"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/287.html"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=47144"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90097"
},
{
"db": "VULMON",
"id": "CVE-2016-1278"
},
{
"db": "BID",
"id": "91757"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004368"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-421"
},
{
"db": "NVD",
"id": "CVE-2016-1278"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-90097"
},
{
"db": "VULMON",
"id": "CVE-2016-1278"
},
{
"db": "BID",
"id": "91757"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004368"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-421"
},
{
"db": "NVD",
"id": "CVE-2016-1278"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-08-05T00:00:00",
"db": "VULHUB",
"id": "VHN-90097"
},
{
"date": "2016-08-05T00:00:00",
"db": "VULMON",
"id": "CVE-2016-1278"
},
{
"date": "2016-07-13T00:00:00",
"db": "BID",
"id": "91757"
},
{
"date": "2016-08-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004368"
},
{
"date": "2016-07-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-421"
},
{
"date": "2016-08-05T15:59:05.537000",
"db": "NVD",
"id": "CVE-2016-1278"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-08-12T00:00:00",
"db": "VULHUB",
"id": "VHN-90097"
},
{
"date": "2016-08-12T00:00:00",
"db": "VULMON",
"id": "CVE-2016-1278"
},
{
"date": "2016-07-13T00:00:00",
"db": "BID",
"id": "91757"
},
{
"date": "2016-08-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004368"
},
{
"date": "2016-08-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-421"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-1278"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "91757"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-421"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Juniper SRX Runs on series devices Junos OS Vulnerability gained in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004368"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201607-421"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…