Juniper Junos TACACS+ Double Quotes Privilege Escalation (JSA10667)
Medium Nessus Plugin ID 80955
SynopsisThe remote device is missing a vendor-supplied security patch.
DescriptionAccording to its self-reported version number, the remote Juniper Junos device is potentially affected by a privilege escalation vulnerability when processing a TACACS+ configuration containing authorization attributes with double quotes. A local, authenticated attacker could exploit this issue to run unauthorized commands.
SolutionApply the relevant Junos software release or workaround referenced in Juniper advisory JSA10667.