Juniper Junos vMX 14.1 < 14.1R8 / 15.1 < 15.1F5 Local Information Disclosure (JSA10766)
Medium Nessus Plugin ID 94579
SynopsisThe remote device is missing a vendor-supplied security patch.
DescriptionAccording to its self-reported version number and architecture, the remote Juniper Junos vMX (Virtual MX Series) router is 14.1 prior to 14.1R8 or 15.1 prior to 15.1F5. It is, therefore, affected by a local information disclosure vulnerability due to the use of incorrect permissions. A local attacker can exploit this to disclose sensitive information in vMX or vPFE images, including private cryptographic keys.
SolutionUpgrade to Juniper Junos vMX 14.1R8 / 15.1F5 as referenced in Juniper advisory JSA10766.