CVE-2016-1280 Information

Description

PKId in Juniper Junos OS before 12.1X44-D52 12.1X46 before 12.1X46-D37 12.1X47 before 12.1X47-D30 12.3 before 12.3R12 12.3X48 before 12.3X48-D20 13.3 before 13.3R10 14.1 before 14.1R8 14.1X53 before 14.1X53-D40 14.2 before 14.2R7 15.1 before 15.1R4 15.1X49 before 15.1X49-D20 15.1X53 before 15.1X53-D60 and 16.1 before 16.1R1 allow remote attackers to bypass an intended certificate validation mechanism via a self-signed certificate with an Issuer name that matches a valid CA certificate enrolled in Junos.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Reference

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10755 http://www.securityfocus.com/bid/91761 http://www.securitytracker.com/id/1036303

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

NONE

Base Severity

6.5