CVE-2016-4924
moderate-risk
Published 2017-10-13
An incorrect permissions vulnerability in Juniper Networks Junos OS on vMX may allow local unprivileged users on a host system read access to vMX or vPFE images and obtain sensitive information contained in them such as private cryptographic keys. This issue was found during internal product security testing. Juniper SIRT is not aware of any malicious exploitation of this vulnerability. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS 15.1 prior to 15.1F5; 14.1 prior to 14.1R8
Do I need to act?
-
0.05% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.4/10
High
LOCAL
/ LOW complexity
Affected Products (16)
Affected Vendors
References (4)
Third Party Advisory
http://www.securityfocus.com/bid/93531
Vendor Advisory
https://kb.juniper.net/JSA10766
Third Party Advisory
http://www.securityfocus.com/bid/93531
Vendor Advisory
https://kb.juniper.net/JSA10766
44
/ 100
moderate-risk
Severity
26/34 · High
Exploitability
0/34 · Minimal
Exposure
18/34 · Moderate