6.5

CVE-2016-1280

PKId in Juniper Junos OS before 12.1X44-D52, 12.1X46 before 12.1X46-D37, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R12, 12.3X48 before 12.3X48-D20, 13.3 before 13.3R10, 14.1 before 14.1R8, 14.1X53 before 14.1X53-D40, 14.2 before 14.2R7, 15.1 before 15.1R4, 15.1X49 before 15.1X49-D20, 15.1X53 before 15.1X53-D60, and 16.1 before 16.1R1 allow remote attackers to bypass an intended certificate validation mechanism via a self-signed certificate with an Issuer name that matches a valid CA certificate enrolled in Junos.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
JuniperJunos Updated50 Version <= 12.1x44
JuniperJunos Version12.1x46
JuniperJunos Version12.1x46 Updated10
JuniperJunos Version12.1x46 Updated15
JuniperJunos Version12.1x46 Updated20
JuniperJunos Version12.1x46 Updated25
JuniperJunos Version12.1x46 Updated30
JuniperJunos Version12.1x46 Updated35
JuniperJunos Version12.1x47
JuniperJunos Version12.1x47 Updated10
JuniperJunos Version12.1x47 Updated15
JuniperJunos Version12.1x47 Updated20
JuniperJunos Version12.1x47 Updated25
JuniperJunos Version12.3
JuniperJunos Version12.3 Updater1
JuniperJunos Version12.3 Updater10
JuniperJunos Version12.3 Updater11
JuniperJunos Version12.3 Updater2
JuniperJunos Version12.3 Updater3
JuniperJunos Version12.3 Updater4
JuniperJunos Version12.3 Updater5
JuniperJunos Version12.3 Updater6
JuniperJunos Version12.3 Updater7
JuniperJunos Version12.3 Updater8
JuniperJunos Version12.3 Updater9
JuniperJunos Version12.3x48 Updated10
JuniperJunos Version12.3x48 Updated15
JuniperJunos Version12.3x50
JuniperJunos Version13.3
JuniperJunos Version13.3 Updater1
JuniperJunos Version13.3 Updater2
JuniperJunos Version13.3 Updater2-s2
JuniperJunos Version13.3 Updater3
JuniperJunos Version13.3 Updater4
JuniperJunos Version13.3 Updater5
JuniperJunos Version13.3 Updater6
JuniperJunos Version13.3 Updater7
JuniperJunos Version13.3 Updater8
JuniperJunos Version13.3 Updater9
JuniperJunos Version14.1
JuniperJunos Version14.1 Updater1
JuniperJunos Version14.1 Updater2
JuniperJunos Version14.1 Updater3
JuniperJunos Version14.1 Updater4
JuniperJunos Version14.1 Updater5
JuniperJunos Version14.1 Updater6
JuniperJunos Version14.1 Updater7
JuniperJunos Version14.1x53 Updated10
JuniperJunos Version14.1x53 Updated15
JuniperJunos Version14.1x53 Updated16
JuniperJunos Version14.1x53 Updated25
JuniperJunos Version14.1x53 Updated26
JuniperJunos Version14.1x53 Updated27
JuniperJunos Version14.1x53 Updated30
JuniperJunos Version14.1x53 Updated35
JuniperJunos Version14.2
JuniperJunos Version14.2 Updater1
JuniperJunos Version14.2 Updater2
JuniperJunos Version14.2 Updater3
JuniperJunos Version14.2 Updater4
JuniperJunos Version14.2 Updater5
JuniperJunos Version14.2 Updater6
JuniperJunos Version15.1 Updater1
JuniperJunos Version15.1 Updater2
JuniperJunos Version15.1 Updater3
JuniperJunos Version15.1x49 Updated10
JuniperJunos Version15.1x53 Updated10
JuniperJunos Version15.1x53 Updated20
JuniperJunos Version15.1x53 Updated21
JuniperJunos Version15.1x53 Updated30
JuniperJunos Version15.1x53 Updated32
JuniperJunos Version15.1x53 Updated33
JuniperJunos Version15.1x53 Updated34
JuniperJunos Version16.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.09% 0.233
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 3.9 2.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
nvd@nist.gov 6.4 10 4.9
AV:N/AC:L/Au:N/C:P/I:P/A:N
CWE-297 Improper Validation of Certificate with Host Mismatch

The product communicates with a host that provides a certificate, but the product does not properly ensure that the certificate is actually associated with that host.