Juniper Junos vMX 14.1 < 14.1R8 / 15.1 < 15.1F5 Local Information Disclosure (JSA10766)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

According to its self-reported version number and architecture, the
remote Juniper Junos vMX (Virtual MX Series) router is 14.1 prior to
14.1R8 or 15.1 prior to 15.1F5. It is, therefore, affected by a local
information disclosure vulnerability due to the use of incorrect
permissions. A local attacker can exploit this to disclose sensitive
information in vMX or vPFE images, including private cryptographic
keys.

See also :

https://kb.juniper.net/JSA10766

Solution :

Upgrade to Juniper Junos vMX 14.1R8 / 15.1F5 as referenced in Juniper
advisory JSA10766.

Risk factor :

Medium / CVSS Base Score : 4.9
(CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N)

Family: Junos Local Security Checks

Nessus Plugin ID: 94579 ()

Bugtraq ID: 93531

CVE ID: CVE-2016-4924

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now