Juniper Junos OS 13.2 before 13.2R5, 13.2X51, 13.2X52, and 13.3 before 13.3R3 allow local users to bypass intended restrictions and execute arbitrary Python code via vectors involving shell access.
Weakness
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Junos | Juniper | 13.2 (including) | 13.2 (including) |
| Junos | Juniper | 13.2-r1 (including) | 13.2-r1 (including) |
| Junos | Juniper | 13.2-r2 (including) | 13.2-r2 (including) |
| Junos | Juniper | 13.2-r3 (including) | 13.2-r3 (including) |
| Junos | Juniper | 13.2-r4 (including) | 13.2-r4 (including) |
| Junos | Juniper | 13.2x51 (including) | 13.2x51 (including) |
| Junos | Juniper | 13.2x52 (including) | 13.2x52 (including) |
| Junos | Juniper | 13.3 (including) | 13.3 (including) |
| Junos | Juniper | 13.3-r1 (including) | 13.3-r1 (including) |
| Junos | Juniper | 13.3-r2 (including) | 13.3-r2 (including) |
Potential Mitigations
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/122.html
- https://cwe.mitre.org/data/definitions/233.html
- https://cwe.mitre.org/data/definitions/58.html
References
- http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10695
- http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10695