JunOS Local Security Checks : Junos Local Privilege Escalation Vulnerability

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.106018

Categoría: JunOS Local Security Checks

Título: Junos Local Privilege Escalation Vulnerability

Resumen: Junos OS is prone to a local privilege escalation vulnerability.

Descripción: Summary:
Junos OS is prone to a local privilege escalation vulnerability.

Vulnerability Insight:
On SRX Series services gateways, the 'set system ports console insecure'
feature does not work as expected. This feature is intended to prevent non-root users from performing
password recovery using the console (see KB22619). This issue affects SRX Series services gateways only.
No other Junos devices are affected.

Vulnerability Impact:
This vulnerability may allow a non-root user with physical access
to the console port to gain full administrative privileges.

Affected Software/OS:
Junos OS 12.1X46, 12.1X47 and 12.1X48

Solution:
New builds of Junos OS software are available from Juniper.

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2015-3007
http://www.securitytracker.com/id/1032841

Copyright This script is Copyright (C) 2015 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.106018
Categoría:	JunOS Local Security Checks
Título:	Junos Local Privilege Escalation Vulnerability
Resumen:	Junos OS is prone to a local privilege escalation vulnerability.
Descripción:	Summary: Junos OS is prone to a local privilege escalation vulnerability. Vulnerability Insight: On SRX Series services gateways, the 'set system ports console insecure' feature does not work as expected. This feature is intended to prevent non-root users from performing password recovery using the console (see KB22619). This issue affects SRX Series services gateways only. No other Junos devices are affected. Vulnerability Impact: This vulnerability may allow a non-root user with physical access to the console port to gain full administrative privileges. Affected Software/OS: Junos OS 12.1X46, 12.1X47 and 12.1X48 Solution: New builds of Junos OS software are available from Juniper. CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-3007 http://www.securitytracker.com/id/1032841
Copyright	This script is Copyright (C) 2015 Greenbone Networks GmbH