Juniper Junos 15.1 Gain privileges Obtain Information Vulnerability
1 Nov. 2016
J-Web in Juniper Junos OS before 12.1X46-D45, 12.1X46-D50, 12.1X47 before 12.1X47-D35, 12.3 before 12.3R12, 12.3X48 before 12.3X48-D25, 13.3 before 13.3R10, 13.3R9 before 13.3R9-S1, 14.1 before 14.1R7, 14.1X53 before 14.1X53-D35, 14.2 before 14.2R6, 15.1 before 15.1A2 or 15.1F4, 15.1X49 before 15.1X49-D30, and 15.1R before 15.1R3 might allow remote attackers to obtain sensitive information and consequently gain administrative privileges via vectors.
An information leak vulnerability in J-Web may allow unauthenticated remote users with network access to the J-Web service to gain administrative privileges or perform certain administrative actions on the device.
This issue was discovered by an external security researcher.
Juniper SIRT is not aware of any malicious exploitation of this vulnerability.