Description
The Juniper SRX Series services gateways with Junos OS 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, and 12.3X48 before 12.3X48-D15 do not properly implement the "set system ports console insecure" feature, which allows physically proximate attackers to gain administrative privileges by leveraging access to the console port.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10683
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1032841
Scores
EPSS
0.0004
EPSS Percentile
12.6%
Details
CWE
CWE-284
Status
published
Products (3)
juniper/junos
12.1x46 (6 CPE variants)
juniper/junos
12.1x47 (3 CPE variants)
juniper/junos
12.3x48 (3 CPE variants)
Published
Jul 14, 2015
Tracked Since
Feb 18, 2026