CVE-2015-7751 | Vulnerability Database | Aqua Security

Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R7, 13.2X51 before 13.2X51-D35, 13.3 before 13.3R6, 14.1 before 14.1R5, 14.1X50 before 14.1X50-D105, 14.1X51 before 14.1X51-D70, 14.1X53 before 14.1X53-D25, 14.1X55 before 14.1X55-D20, 14.2 before 14.2R1, 15.1 before 15.1F2 or 15.1R1, and 15.1X49 before 15.1X49-D10 does not require a password for the root user when pam.conf is corrupted, which allows local users to gain root privileges by modifying the file.

Affected Software

Name	Vendor	Start Version	End Version
Junos	Juniper	*	12.1x44 (including)
Junos	Juniper	12.1x46 (including)	12.1x46 (including)
Junos	Juniper	12.1x46-d10 (including)	12.1x46-d10 (including)
Junos	Juniper	12.1x46-d15 (including)	12.1x46-d15 (including)
Junos	Juniper	12.1x46-d20 (including)	12.1x46-d20 (including)
Junos	Juniper	12.1x46-d25 (including)	12.1x46-d25 (including)
Junos	Juniper	12.1x46-d30 (including)	12.1x46-d30 (including)
Junos	Juniper	12.1x47 (including)	12.1x47 (including)
Junos	Juniper	12.1x47-d10 (including)	12.1x47-d10 (including)
Junos	Juniper	12.1x47-d15 (including)	12.1x47-d15 (including)
Junos	Juniper	12.1x47-d20 (including)	12.1x47-d20 (including)
Junos	Juniper	12.3 (including)	12.3 (including)
Junos	Juniper	12.3-r1 (including)	12.3-r1 (including)
Junos	Juniper	12.3-r2 (including)	12.3-r2 (including)
Junos	Juniper	12.3-r3 (including)	12.3-r3 (including)
Junos	Juniper	12.3-r4 (including)	12.3-r4 (including)
Junos	Juniper	12.3-r5 (including)	12.3-r5 (including)
Junos	Juniper	12.3-r6 (including)	12.3-r6 (including)
Junos	Juniper	12.3-r7 (including)	12.3-r7 (including)
Junos	Juniper	12.3-r8 (including)	12.3-r8 (including)
Junos	Juniper	12.3x48 (including)	12.3x48 (including)
Junos	Juniper	12.3x48-d10 (including)	12.3x48-d10 (including)
Junos	Juniper	12.3x48-d5 (including)	12.3x48-d5 (including)
Junos	Juniper	13.2 (including)	13.2 (including)
Junos	Juniper	13.2-r1 (including)	13.2-r1 (including)
Junos	Juniper	13.2-r2 (including)	13.2-r2 (including)
Junos	Juniper	13.2-r3 (including)	13.2-r3 (including)
Junos	Juniper	13.2-r4 (including)	13.2-r4 (including)
Junos	Juniper	13.2-r5 (including)	13.2-r5 (including)
Junos	Juniper	13.2-r6 (including)	13.2-r6 (including)
Junos	Juniper	13.2x51 (including)	13.2x51 (including)
Junos	Juniper	13.2x51-d10 (including)	13.2x51-d10 (including)
Junos	Juniper	13.2x51-d15 (including)	13.2x51-d15 (including)
Junos	Juniper	13.2x51-d20 (including)	13.2x51-d20 (including)
Junos	Juniper	13.2x51-d25 (including)	13.2x51-d25 (including)
Junos	Juniper	13.3 (including)	13.3 (including)
Junos	Juniper	13.3-r1 (including)	13.3-r1 (including)
Junos	Juniper	13.3-r2 (including)	13.3-r2 (including)
Junos	Juniper	13.3-r3 (including)	13.3-r3 (including)
Junos	Juniper	13.3-r4 (including)	13.3-r4 (including)
Junos	Juniper	13.3-r5 (including)	13.3-r5 (including)
Junos	Juniper	14.1 (including)	14.1 (including)
Junos	Juniper	14.1-r1 (including)	14.1-r1 (including)
Junos	Juniper	14.1-r2 (including)	14.1-r2 (including)
Junos	Juniper	14.1-r3 (including)	14.1-r3 (including)
Junos	Juniper	14.1-r4 (including)	14.1-r4 (including)
Junos	Juniper	14.1x50 (including)	14.1x50 (including)
Junos	Juniper	14.1x51 (including)	14.1x51 (including)
Junos	Juniper	14.1x53 (including)	14.1x53 (including)
Junos	Juniper	14.1x55 (including)	14.1x55 (including)
Junos	Juniper	14.2 (including)	14.2 (including)
Junos	Juniper	15.1 (including)	15.1 (including)
Junos	Juniper	15.1-r1 (including)	15.1-r1 (including)
Junos	Juniper	15.1x49 (including)	15.1x49 (including)

References

http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10707
http://www.securitytracker.com/id/1033817

NVD	https://nvd.nist.gov/vuln/detail/CVE-2015-7751
CWE	https://cwe.mitre.org/data/definitions/264.html