JSA10677 – 2015-04 Security Bulletin: SRX Series: Cross-Site-Scripting Vulnerability in Dynamic...

2015-04 Security Bulletin: SRX Series: Cross-Site-Scripting Vulnerability in Dynamic VPN (CVE-2015-3005).

Product Affected: SRX Series devices with Dynamic VPN enabled.

Problem: A reflected cross site scripting (XSS) vulnerability in SRX Dynamic VPN may allow the stealing of sensitive information or session credentials from Dynamic VPN users. This issue affects the device only when Dynamic VPN is enabled. No other Juniper Networks products or platforms are affected by this issue. This issue has been assigned CVE-2015-3005.

Solution: The following software releases have been updated to resolve this specific issue: 12.1X44-D45, 12.1X46-D30, 12.1X47-D20, and all subsequent releases. This issue is being tracked as PR 1031103 and is visible on the Customer Support website. KB16765 - "In which releases are vulnerabilities fixed?" describes which release vulnerabilities are fixed as per our End of Engineering and End of Life support policies.

Workaround: There are no viable workarounds for this issue.

Implementation:
How to obtain fixed software: Security vulnerabilities in Junos are fixed in the next available Maintenance Release of each supported Junos version. In some cases, a Maintenance Release is not planned to be available in an appropriate time-frame. For these cases, Service Releases are made available in order to be more timely. Security Advisory and Security Notices will indicate which Maintenance and Service Releases contain fixes for the issues described. Upon request to JTAC, customers will be provided download instructions for a Service Release. Although Juniper does not provide formal Release Note documentation for a Service Release, a list of "PRs fixed" can be provided on request.

Modification History: 2015-04-08: Initial release.

CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)

Risk Level: Low

Risk Assessment: Information for how Juniper Networks uses CVSS can be found at KB 16446 "Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories".

JSA10703 – 2015-10 Security Bulletin: Junos: vSRX-Series: A remote attacker...

2015-10 Security Bulletin: Junos: vSRX-Series: A remote attacker can cause a persistent denial of service to the vSRX through a specific connection request to the firewall's host-OS (CVE-2015-7749).

Product Affected: vSRX-Series

Problem: A malicious attacker can cause a denial of service to the vSRX PFE daemon by issuing a specific connection request to the vSRX host-OS. This issue is assigned CVE-2015-7749.

Solution: The following software releases have been updated to resolve this specific issue: Junos OS 15.1X49-D20, and all subsequent vSRX-Series releases. This issue is being tracked as PR 1085900 and is visible on the Customer Support website. This issue was found during internal product security testing. Juniper SIRT is not aware of any malicious exploitation of this vulnerability. No other Juniper Networks products or platforms are affected by this issue. KB16765 - "In which releases are vulnerabilities fixed?" describes which release vulnerabilities are fixed as per our End of Engineering and End of Life support policies.

Workaround: Protect the vSRX Series services gateway host-OS from unauthorized access by limiting the exploitable attack surface by implementing access lists or firewall filters from trusted, administrative networks or hosts.

Implementation:
How to obtain fixed software: Security vulnerabilities in Junos are fixed in the next available Maintenance Release of each supported Junos version. In some cases, a Maintenance Release is not planned to be available in an appropriate time-frame. For these cases, Service Releases are made available in order to be more timely. Security Advisory and Security Notices will indicate which Maintenance and Service Releases contain fixes for the issues described. Upon request to JTAC, customers will be provided download instructions for a Service Release. Although Juniper does not provide formal Release Note documentation for a Service Release, a list of "PRs fixed" can be provided on request.

Modification History: 2015-10-14: Initial publication

CVSS Score: 7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Risk Level: High

Risk Assessment: Information for how Juniper Networks uses CVSS can be found at KB16446 "Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories".

JSA10707 – 2015-10 Security Bulletin: Junos: Corrupt pam.conf file allows unauthenticated...

When the pam.conf file is corrupted in certain ways, it may allow connection to the device as the root user with no password. This "fail-open" behavior allows an attacker who can specifically modify the file to gain full access to the device.

Note that inadvertent manipulation of the pam.conf by an authorized administrator can also lead to unauthenticated root access to the device. Extreme care should be taken by administrators to avoid modifying pam.conf directly.

While the standalone vulnerability may not be directly exploitable, this issue increases the severity of other attacks that may be chained together to launch a multi-stage advanced attack against the device.

This issue is assigned CVE-2015-7751.

The following software releases have been updated to resolve this specific issue: Junos OS 12.1X44-D50, 12.1X46-D35, 12.1X47-D25, 12.3R9, 12.3X48-D15, 13.2R7, 13.2X51-D35, 13.3R6, 14.1R5, 14.1X50-D105, 14.1X51-D70, 14.1X53-D25, 14.1X55-D20, 14.2R1, 15.1F2, 15.1R1, 15.1X49-D10, and all subsequent releases.

This issue was found during internal product security testing. Juniper SIRT is not aware of any malicious exploitation of this vulnerability. No other Juniper Networks products or platforms are affected by this issue. This issue is being tracked as PR 965378 and is visible on the Customer Support website. KB16765 - "In which releases are vulnerabilities fixed?" describes which release vulnerabilities are fixed as per our End of Engineering and End of Life support policies.

Edit the filesystem flags on pam.conf to add 'sappend' (system append-only flag):

    % chflags sappend /var/etc/pam.conf

This will ensure that the file cannot be truncated (cannot be written to at any point other than at the end of the file), protecting the integrity of the file from random or malicious corruption.

How to obtain fixed software: Security vulnerabilities in Junos are fixed in the next available Maintenance Release of each supported Junos version. In some cases, a Maintenance Release is not planned to be available in an appropriate time-frame. For these cases, Service Releases are made available in order to be more timely. Security Advisory and Security Notices will indicate which Maintenance and Service Releases contain fixes for the issues described. Upon request to JTAC, customers will be provided download instructions for a Service Release. Although Juniper does not provide formal Release Note documentation for a Service Release, a list of "PRs fixed" can be provided on request.

Modification History: 2015-10-14: Initial publication

Information for how Juniper Networks uses CVSS can be found at KB16446 "Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories".

JSA10671 – 2015-01 Out of Cycle Security Bulletin: GHOST glibc gethostbyname()...

2015-01 Out of Cycle Security Bulletin: GHOST glibc gethostbyname() buffer overflow vulnerability (CVE-2015-0235)

Product Affected: Please see the list in the Problem section below.

Problem: On January 27, 2015, Qualys announced the GHOST vulnerability:
https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability

The GHOST vulnerability is a serious weakness in the Linux glibc library. It allows attackers to remotely take complete control of the victim system without having any prior knowledge of system credentials.

Vulnerable Products: Junos Space, CTPView, CTP

Products Not Vulnerable: Junos – Junos OS does not use the glibc library.

Products Under Investigation: QFabric Director, JUNOSe, NetScreen ISG/SSG firewalls, IDP-SA, SRC, Firefly Host/vGW, NSM server and NSM3000/NSMXpress appliance

For information regarding Pulse Secure products, please refer to TSB16618 for the latest information.

Juniper is continuing to investigate our product portfolio for affected software that is not mentioned above. As new information becomes available this document will be updated. This issue has been assigned CVE-2015-0235.

Solution:
NetScreen ISG/SSG firewalls: PR 1060010 has been logged to investigate whether this issue affects ScreenOS.
IDP-SA: PR 1060071 has been logged to investigate whether this issue affects IDP-OS.
CTPView: PR 1060060 has been logged to resolve this issue in CTPView.
Junos Space: PR 1060102 has been logged to resolve this issue.
IDP Anomaly: The IDP anomaly SMTP:OVERFLOW:COMMAND-LINE should cover the known SMTP variant of this vulnerability. For easy attack lookup, the Signatures team has linked CVE-2015-0235 as a reference to this anomaly and also made it part of the recommended policy. All these changes will be reflected in the next signature pack which is scheduled to release on 29-Jan-2015 at 12:00 PST.

Workaround:
General Mitigation: The affected gethostbyname() functions are primarily called in response to references to DNS host names and addresses from the CLI. Use access lists or firewall filters to limit access to networking equipment via CLI only from trusted hosts. Other attack vectors are still being researched.

In addition to the recommendations listed above, it is good security practice to limit the exploitable attack surface of critical infrastructure networking equipment. Use access lists or firewall filters to limit all administrative access to networking equipment only from trusted, administrative networks or hosts.

Modification History: 2015-01-28: Initial publication

CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)

Risk Level: High

Risk Assessment: Information for how Juniper Networks uses CVSS can be found at KB 16446 "Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories."

JSA10635 – 2014-07 Security Bulletin: Junos: SRX flowd denial of service...

2014-07 Security Bulletin: Junos: SRX flowd denial of service vulnerability in NAT protocol translation (CVE-2014-3817)

Product Affected: This issue affects all SRX Series devices running Junos OS 11.4, 12.1X44, 12.1X45, or 12.1X46

Problem: On SRX Series devices, when NAT protocol translation from IPv4 to IPv6 is enabled, a certain crafted packet may cause the flowd process to hang or crash. A hang or repeated crash of the flowd process constitutes an extended denial of service condition for SRX Series devices. Juniper SIRT is not aware of any malicious exploitation of this vulnerability. No other Juniper Networks products or platforms are affected by this issue. This issue has been assigned CVE-2014-3817.

Solution: The following software releases have been updated to resolve this specific issue: 11.4R12, 12.1X44-D32, 12.1X44-D35, 12.1X45-D25, 12.1X46-D20, 12.1X47-D10, and all subsequent releases (i.e. all releases built after 12.1X47-D10). This issue is being tracked as PR 954437 and is visible on the Customer Support website. KB16765 - "In which releases are vulnerabilities fixed?" describes which release vulnerabilities are fixed as per our End of Engineering and End of Life support policies.

Workaround: If NAT protocol translation from IPv4 to IPv6 is not required, disabling (by deleting the setting or deactivating) the feature will completely mitigate this issue.

Implementation:
How to obtain fixed software: Security vulnerabilities in Junos are fixed in the next available Maintenance Release of each supported Junos version. In some cases, a Maintenance Release is not planned to be available in an appropriate time-frame. For these cases, Service Releases are made available in order to be more timely. Security Advisory and Security Notices will indicate which Maintenance and Service Releases contain fixes for the issues described. Upon request to JTAC, customers will be provided download instructions for a Service Release. Although Juniper does not provide formal Release Note documentation for a Service Release, a list of "PRs fixed" can be provided on request.

CVSS Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)

Risk Level: High

Risk Assessment: Information for how Juniper Networks uses CVSS can be found at KB 16446 "Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories."

JSA10713 – 2015-12 Out of Cycle Security Bulletin: ScreenOS: Multiple Security...

2015-12 Out of Cycle Security Bulletin: ScreenOS: Multiple Security issues with ScreenOS (CVE-2015-7755)

Product Affected: These issues can affect any product or platform running ScreenOS 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20.

Problem: During an internal code review, two security issues were identified.

The first issue allows unauthorized remote administrative access to the device over SSH or telnet. Exploitation of this vulnerability can lead to complete compromise of the affected system.

Upon exploitation of this vulnerability, the log file would contain an entry that ‘system’ had logged on followed by password authentication for a username.

Example:

Normal login by user username1:

    2015-12-17 09:00:00 system warn 00515 Admin user username1 has logged on via SSH from …..
    2015-12-17 09:00:00 system warn 00528 SSH: Password authentication successful for admin user ‘username1’ at host …

Compromised login by user username2:

    2015-12-17 09:00:00 system warn 00515 Admin user system has logged on via SSH from …..
    2015-12-17 09:00:00 system warn 00528 SSH: Password authentication successful for admin user ‘username2’ at host …

Note that a skilled attacker would likely remove these entries from the log file, thus effectively eliminating any reliable signature that the device had been compromised.

The second issue may allow a knowledgeable attacker to decrypt encrypted VPN traffic. There is no way to detect that this vulnerability was exploited.

Juniper SIRT is not aware of any malicious exploitation of these vulnerabilities. No other Juniper Networks products or platforms are affected by these issues. These issues have been assigned CVE-2015-7755.

Juniper has issued a statement about these vulnerabilities at: http://forums.juniper.net/t5/Security-Incident-Response/bg-p/SIRT

Solution: The following software releases have been updated to resolve these specific issues: ScreenOS 6.2.0r19, 6.3.0r21, and all subsequent releases.

Additionally, earlier affected releases of ScreenOS 6.3.0 have been respun to resolve these issues. Fixes are included in: 6.3.0r12b, 6.3.0r13b, 6.3.0r14b, 6.3.0r15b, 6.3.0r16b, 6.3.0r17b, 6.3.0r18b, 6.3.0r19b.

All affected software releases on http://www.juniper.net/support/downloads/screenos.html have been updated with these fixes.

KB16765 - "In which releases are vulnerabilities fixed?" describes which release vulnerabilities are fixed as per our End of Engineering and End of Life support policies.

Workaround: The Juniper SIRT strongly recommends upgrading to a fixed release (in Solution section above) to resolve these critical vulnerabilities. No workaround exists for these issues.

In addition to the recommendations listed above, it is good security practice to limit the exploitable attack surface of critical infrastructure networking equipment. Use access lists or firewall filters to limit management access to the device only from trusted, internal, administrative networks or hosts. Doing so would mitigate the first issue but not the second.

Implementation:
How to obtain fixed software: ScreenOS software releases are available at http://www.juniper.net/support/downloads/screenos.html

Modification History: 2015-12-17: Initial publication

CVSS Score: 9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Risk Level: Critical

Risk Assessment: Information for how Juniper Networks uses CVSS can be found at KB 16446 "Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories."
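
The log signature described in JSA10713 above can be checked mechanically. The following is an added example, not Juniper code: it flags every 00515 logon attributed to the admin user 'system' and records the account named in the 00528 entry that follows it. The sample log is constructed, and the address text after "from" and "at host" is an assumption, because the bulletin elides it.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

TS = r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})"
QUOTES = "'\u2018\u2019"  # straight and typographic single quotes

# Message shapes follow the two sample entries quoted in the bulletin.
LOGON_RE = re.compile(
    TS + r" system warn 00515 Admin user (?P<user>\S+) "
    r"has logged on via (?P<proto>\S+) from (?P<src>.+)$"
)
AUTH_RE = re.compile(
    TS + r" system warn 00528 SSH: Password authentication successful "
    r"for admin user [" + QUOTES + r"](?P<user>[^" + QUOTES + r"]+)[" + QUOTES + r"]"
)


@dataclass
class Finding:
    logon_ts: str
    proto: str
    source: str
    auth_user: Optional[str] = None  # account named in the following 00528 entry


def find_system_logons(lines: Iterable[str]) -> List[Finding]:
    """Return one Finding per 00515 entry whose admin user is 'system'."""
    findings: List[Finding] = []
    awaiting_auth: Optional[Finding] = None
    for line in lines:
        logon = LOGON_RE.search(line)
        if logon:
            # A new logon closes any earlier one still waiting for its 00528.
            awaiting_auth = None
            if logon["user"] == "system":
                awaiting_auth = Finding(
                    logon["ts"], logon["proto"], logon["src"].strip()
                )
                findings.append(awaiting_auth)
            continue
        auth = AUTH_RE.search(line)
        if auth and awaiting_auth is not None:
            awaiting_auth.auth_user = auth["user"]
            awaiting_auth = None
    return findings


# Constructed sample log; addresses are documentation ranges, not real hosts.
SAMPLE_LOG = """\
2015-12-17 09:00:00 system warn 00515 Admin user username1 has logged on via SSH from 192.0.2.10:50112
2015-12-17 09:00:00 system warn 00528 SSH: Password authentication successful for admin user 'username1' at host 192.0.2.10.
2015-12-17 09:04:10 system notif 00000 (constructed unrelated entry)
2015-12-17 09:05:31 system warn 00515 Admin user system has logged on via SSH from 198.51.100.7:41876
2015-12-17 09:05:31 system warn 00528 SSH: Password authentication successful for admin user \u2018username2\u2019 at host 198.51.100.7.
2015-12-17 09:20:02 system warn 00515 Admin user system has logged on via SSH from 198.51.100.7:41901
"""

if __name__ == "__main__":
    for f in find_system_logons(SAMPLE_LOG.splitlines()):
        print(
            f"{f.logon_ts} 'system' logon via {f.proto} from {f.source}; "
            f"following password auth user: {f.auth_user or 'not logged'}"
        )
```

An empty result does not show that a device is clean, since the bulletin notes that these entries can be removed from the log.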

JSA10607 – 2014-01 Security Bulletin: Junos: Memory-consumption DoS attack possible when...

2014-01 Security Bulletin: Junos: Memory-consumption DoS attack possible when xnm-ssl or xnm-clear-text service enabled (CVE-2014-0613)

Product Affected: This issue can affect any product or platform running Junos OS.

Problem: When xnm-ssl or xnm-clear-text is enabled within the [edit system services] hierarchy level of the Junos configuration, an unauthenticated, remote user could exploit the XNM command processor to consume excessive amounts of memory. This, in turn, could lead to system instability or other performance issues. This issue was found during internal product security testing. Juniper SIRT is not aware of any malicious exploitation of this vulnerability. No other Juniper Networks products or platforms are affected by this issue. (Be careful about third-party and/or open source software) This issue has been assigned CVE-2014-0613.

Solution: The following software releases have been updated to resolve this specific issue: All Junos OS software releases built on or after 2013-12-17, or Junos OS 10.4R16, 11.4R10, 12.1R8-S2, 12.1X44-D30, 12.1X45-D20, 12.1X46-D10, 12.2R7, 12.3R5, 13.1R3-S1, 13.2R2-S2, 13.3R1, and all subsequent releases (i.e. all releases built after 13.3R1). Customers can confirm the build date of any Junos OS release by issuing the command 'show version detail'. This issue is being tracked as PR 925478 and is visible on the Customer Support website. KB16765 - "In which releases are vulnerabilities fixed?" describes which release vulnerabilities are fixed as per our End of Engineering and End of Life support policies.

Workaround: Use access lists or firewall filters to limit access to the router via the Junos XML protocol only from trusted hosts.

In addition to the recommendations listed above, it is good security practice to limit the exploitable attack surface of critical infrastructure networking equipment. Use additional access lists or firewall filters to limit access to the router via ssh or telnet only from trusted, administrative networks or hosts.

Implementation:
How to obtain fixed software: Security vulnerabilities in Junos are fixed in the next available Maintenance Release of each supported Junos version. In some cases, a Maintenance Release is not planned to be available in an appropriate time-frame. For these cases, Service Releases are made available in order to be more timely. Security Advisory and Security Notices will indicate which Maintenance and Service Releases contain fixes for the issues described. Upon request to JTAC, customers will be provided download instructions for a Service Release. Although Juniper does not provide formal Release Note documentation for a Service Release, a list of "PRs fixed" can be provided on request.

CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Risk Level: Medium

Risk Assessment: Information for how Juniper Networks uses CVSS can be found at KB 16446 "Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories."

JSA10712 – 2015-12 Out of Cycle Security Bulletin: ScreenOS: Crafted SSH...

2015-12 Out of Cycle Security Bulletin: ScreenOS: Crafted SSH negotiation may trigger system crash (CVE-2015-7754)

Product Affected: This issue can affect any product or platform running ScreenOS 6.3.0r20.

Problem: A crafted SSH negotiation may result in a system crash when ssh-pka is configured and enabled on the firewall. In the worst case scenario, the unhandled SSH exception resulting in a system crash could lead to remote code execution. Juniper SIRT is not aware of any malicious exploitation of this vulnerability. No other Juniper Networks products or platforms are affected by this issue. This issue has been assigned CVE-2015-7754.

Solution: The following software releases have been updated to resolve this specific issue: ScreenOS 6.3.0r21, and all subsequent releases. This issue is being tracked as PR 1139205 which is visible on the Customer Support website. KB16765 - "In which releases are vulnerabilities fixed?" describes which release vulnerabilities are fixed as per our End of Engineering and End of Life support policies.

Workaround: Use access lists or firewall filters to limit access to the device via administrative login (e.g. SSH) only from trusted hosts, or restrict management access to specific IP addresses. Refer to KB3905 for more information about restricting management access in ScreenOS.

In addition to the recommendations listed above, it is good security practice to limit the exploitable attack surface of critical infrastructure networking equipment. Use access lists or firewall filters to limit management access to the device only from trusted, administrative networks or hosts.

Implementation:
How to obtain fixed software: ScreenOS software releases are available at http://www.juniper.net/support/downloads/screenos.html

Modification History: 2015-12-17: Initial publication

CVSS Score: 9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Risk Level: Critical

Risk Assessment: Information for how Juniper Networks uses CVSS can be found at KB 16446 "Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories."

JSA10633 – 2014-07 Security Bulletin: Junos: Denial of Service vulnerability in...

2014-07 Security Bulletin: Junos: Denial of Service vulnerability in flowd related to SIP ALG (CVE-2014-3815)

Product Affected: This issue affects SRX Series devices running Junos OS 12.1X46 prior to 12.1X46-D20

Problem: On SRX Series devices, when SIP ALG is enabled, a certain crafted SIP packet may cause the flowd process to crash. Repeated crashes of the flowd process constitute an extended denial of service condition for the SRX Series device. SIP ALG is enabled by default on SRX Series devices except for SRX-HE devices. SRX-HE devices have SIP ALG disabled by default. The status of ALGs can be obtained by executing the 'show security alg status' CLI command. Juniper SIRT is not aware of any malicious exploitation of this vulnerability. No other Juniper Networks products or platforms are affected by this issue. This issue has been assigned CVE-2014-3815.

Solution: The following software releases have been updated to resolve this specific issue: Junos OS 12.1X46-D20, 12.1X47-D10, and all subsequent releases (i.e. all releases built after 12.1X47-D10). This issue is being tracked as PR 964817 and is visible on the Customer Support website. KB16765 - "In which releases are vulnerabilities fixed?" describes which release vulnerabilities are fixed as per our End of Engineering and End of Life support policies.

Workaround: Two available workarounds exist for this issue:
Disable SIP ALG using the CLI command 'set security alg sip disable' if SIP ALG is not required.
Enable flow-based processing for IPv6 traffic using the CLI command 'set security forwarding-options family inet6 mode flow-based' (a device reboot is required).

Implementation:
How to obtain fixed software: Security vulnerabilities in Junos are fixed in the next available Maintenance Release of each supported Junos version. In some cases, a Maintenance Release is not planned to be available in an appropriate time-frame. For these cases, Service Releases are made available in order to be more timely. Security Advisory and Security Notices will indicate which Maintenance and Service Releases contain fixes for the issues described. Upon request to JTAC, customers will be provided download instructions for a Service Release. Although Juniper does not provide formal Release Note documentation for a Service Release, a list of "PRs fixed" can be provided on request.

CVSS Score: CVSS Base Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)

Risk Level: High

Risk Assessment: Information for how Juniper Networks uses CVSS can be found at KB 16446 "Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories."

JSA10683 – 2015-07 Security Bulletin: Junos: SRX ‘set system ports console...

2015-07 Security Bulletin: Junos: SRX 'set system ports console insecure' not functioning as expected (CVE-2015-3007)

Product Affected: This issue affects the SRX Series services gateways running Junos OS 12.1X46-D15 and later releases.

Problem: On SRX Series services gateways, the 'set system ports console insecure' feature does not work as expected. This feature is intended to prevent non-root users from performing password recovery using the console (see KB22619). This vulnerability may allow a non-root user with physical access to the console port to gain full administrative privileges. This issue affects SRX Series services gateways only. No other Junos devices are affected. This feature was first introduced in SRX 12.1X46-D15. Earlier releases are unaffected by this vulnerability. Juniper SIRT is not aware of any malicious exploitation of this vulnerability. No other Juniper Networks products or platforms are affected by this issue. This issue has been assigned CVE-2015-3007.

Solution: The following software releases have been updated to resolve this specific issue: Junos OS 12.1X46-D35, 12.1X47-D25, 12.3X48-D15, and all subsequent releases. This issue is being tracked as PR 1016488 and is visible on the Customer Support website. KB16765 - "In which releases are vulnerabilities fixed?" describes which release vulnerabilities are fixed as per our End of Engineering and End of Life support policies.

Workaround: Protect SRX Series services gateways from unauthorized console and/or physical access.

Implementation:
How to obtain fixed software: Security vulnerabilities in Junos are fixed in the next available Maintenance Release of each supported Junos version. In some cases, a Maintenance Release is not planned to be available in an appropriate time-frame. For these cases, Service Releases are made available in order to be more timely. Security Advisory and Security Notices will indicate which Maintenance and Service Releases contain fixes for the issues described. Upon request to JTAC, customers will be provided download instructions for a Service Release. Although Juniper does not provide formal Release Note documentation for a Service Release, a list of "PRs fixed" can be provided on request.

Modification History: 2015-07-08: Initial publication

CVSS Score: CVSSv2: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)

Risk Level: High

Risk Assessment: Information for how Juniper Networks uses CVSS can be found at KB 16446 "Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories."

JSA10753 – 2016-07 Security Bulletin: SRX Series: Upgrades using 'partition' option...

2016-07 Security Bulletin: SRX Series: Upgrades using 'partition' option may allow unauthenticated root login (CVE-2016-1278)

Product Affected: This issue can affect any SRX Series devices upgraded using the 'partition' option.

Problem: Using the 'request system software' command with the 'partition' option on an SRX Series device upgrading from Junos OS 12.1X45 or 12.1X46 prior to D50 can leave the system in a state where root CLI login is allowed without a password due to the system reverting to a "safe mode" authentication triggered by the failed upgrade. Additionally, valid authentication credentials fail to work due to the same issue. Only root with no password will work.

This issue can affect SRX Series devices upgraded from Junos OS 12.1X45 (all releases) or 12.1X46 releases prior to those listed as Resolved below. No other platform or version of Junos OS is affected by this vulnerability, and no other Juniper Networks products or platforms are affected by this issue.

Note: The issue exists with the 'partition' option of 'request system software' executed on the release from which the upgrade is being performed. Upgrading from an affected release to a fixed release will not resolve this issue.

Juniper SIRT is not aware of any malicious exploitation of this vulnerability. This issue has been assigned CVE-2016-1278.

Solution: The following software releases have been updated to resolve this specific upgrade issue: Junos OS 12.1X46-D50 and all subsequent releases. Upgrading from these releases will no longer exhibit the vulnerability. However, simply upgrading to a fixed release will not recover authenticated login credentials. This issue is being tracked as PRs 1118748 and 1153914 which are visible on the Customer Support website. KB16765 - "In which releases are vulnerabilities fixed?" describes which release vulnerabilities are fixed as per our End of Engineering and End of Life support policies.

Workaround: Avoid using the 'partition' option when upgrading an SRX Series device to Junos OS 12.1X46 prior to 12.1X46-D50. Note that the symptoms are immediately obvious after an affected upgrade and may be remediated by rebooting the device post-upgrade.

Implementation:
How to obtain fixed software: Security vulnerabilities in Junos are fixed in the next available Maintenance Release of each supported Junos version. In some cases, a Maintenance Release is not planned to be available in an appropriate time-frame. For these cases, Service Releases are made available in order to be more timely. Security Advisory and Security Notices will indicate which Maintenance and Service Releases contain fixes for the issues described. Upon request to JTAC, customers will be provided download instructions for a Service Release. Although Juniper does not provide formal Release Note documentation for a Service Release, a list of "PRs fixed" can be provided on request.

Modification History:
2016-07-13: Initial publication
2016-08-17: Clarified that the issue affects the from release, and cannot be resolved by simply upgrading to a fixed release.

CVSS Score: 7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

Risk Level: High

Risk Assessment: Information for how Juniper Networks uses CVSS can be found at KB 16446 "Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories."

JSA10630 – 2014-06 Security Bulletin: Junos WebApp Secure: Local user privilege...

A local user privilege escalation issue has been found in the Junos WebApp Secure product. This issue could allow a local user with shell access to escalate their privileges to root. Juniper SIRT is not aware of any malicious exploitation of this vulnerability. No other Juniper Networks products or platforms are affected by this issue. This issue is known as CVE-2013-2094.

Software updates to Junos WebApp Secure have been released to resolve this issue. The releases containing the fix are: 5.1.3-30, 5.1.3-4, and 5.1.3-24. Note: the Heartbleed fix and the fix for this issue are supplied in 5.1.3-30. KB16765 - "In which releases are vulnerabilities fixed?" describes which release vulnerabilities are fixed as per our End of Engineering and End of Life support policies.

There is no workaround for this issue. An upgrade to a fixed version of software is required for the fix.