Home

CVE-2014-6384

Description

Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D25, 12.1X47 before 12.1X47-D15, 12.3 before 12.3R9, 13.1 before 13.1R4-S3, 13.2 before 13.2R6, 13.3 before 13.3R5, 14.1 before 14.1R3, and 14.2 before 14.2R1 does not properly handle double quotes in authorization attributes in the TACACS+ configuration, which allows local users to bypass the security policy and execute commands via unspecified vectors.

Risk Information

Base Score
8.4
MODERATE
Vector
AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.051

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2014-6384,CVE-2014-6385,CVE-2015-3002,CVE-2015-3003 are fixed in junos 12.1x44-d45NCM
Vulnerabilities CVE-2014-6378,CVE-2014-6384,CVE-2015-3004 are fixed in junos 12.1x46-d25NCM
Vulnerabilities CVE-2014-6384,CVE-2014-6385,CVE-2015-3002 are fixed in junos 12.1x47-d15NCM
Multiple Vulnerabilities are fixed in junos 12.3r9NCM
Vulnerabilities CVE-2014-6378,CVE-2014-6379,CVE-2014-6384,CVE-2014-6450 are fixed in junos 13.1r4-s3NCM
Multiple Vulnerabilities are fixed in junos 13.2r6NCM
Multiple Vulnerabilities are fixed in junos 13.3r5NCM
Multiple Vulnerabilities are fixed in junos 14.1r3NCM
Vulnerabilities CVE-2014-6384,CVE-2016-1269 are fixed in junos 14.2r4-s1NCM
CVE-2014-6384NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-1704488Security Update for junos 9.2r1
PATCH-1704488Security Update for junos 9.2r1
PATCH-1704488Security Update for junos 9.2r1
PATCH-1704488Security Update for junos 9.2r1
PATCH-1704488Security Update for junos 9.2r1
PATCH-1704488Security Update for junos 9.2r1
PATCH-1704488Security Update for junos 9.2r1
PATCH-1704488Security Update for junos 9.2r1
PATCH-1704488Security Update for junos 9.2r1

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234