Description
A command injection vulnerability in the IDP feature of Juniper Networks Junos OS on SRX series devices potentially allows a user with login access to the device to execute shell commands and elevate privileges. Affected releases are Juniper Networks Junos OS 12.1X44 prior to 12.1X44-D60; 12.1X46 prior to 12.1X46-D50; 12.1X47 prior to 12.1X47-D30, 12.1X47-D35; 12.3X48 prior to 12.3X48-D20, 12.3X48-D30; 15.1X49 prior to 15.1X49-D20, 15.1X49-D30.
CVSS breakdown
CVSS 3.0
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
Affected products
- Juniper Networks / Junos OS12.1X44 prior to 12.1X44-D60 – 12.1X44 prior to 12.1X44-D60
- Juniper Networks / Junos OS12.1X46 prior to 12.1X46-D50 – 12.1X46 prior to 12.1X46-D50
- Juniper Networks / Junos OS12.1X47 prior to 12.1X47-D30, 12.1X47-D35 – 12.1X47 prior to 12.1X47-D30, 12.1X47-D35
- Juniper Networks / Junos OS12.3X48 prior to 12.3X48-D20, 12.3X48-D30 – 12.3X48 prior to 12.3X48-D20, 12.3X48-D30
- Juniper Networks / Junos OS15.1X49 prior to 15.1X49-D20, 15.1X49-D30 – 15.1X49 prior to 15.1X49-D20, 15.1X49-D30