Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
JIMS: Local Privilege Escalation vulnerability via repair functionality
Vulnerability Description
An Improper Privilege Management vulnerability in the Windows Installer framework used in the Juniper Networks Juniper Identity Management Service (JIMS) allows an unprivileged user to trigger a repair operation. Running a repair operation, in turn, will trigger a number of file operations in the %TEMP% folder of the user triggering the repair. Some of these operations will be performed from a SYSTEM context (started via the Windows Installer service), including the execution of temporary files. An attacker may be able to provide malicious binaries to the Windows Installer, which will be executed with high privilege, leading to a local privilege escalation. This issue affects Juniper Networks Juniper Identity Management Service (JIMS) versions prior to 1.4.0.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
特权管理不恰当
Vulnerability Title
Juniper Networks Juniper Identity Management Service 安全漏洞
Vulnerability Description
Juniper Networks Juniper Identity Management Service是美国瞻博网络(Juniper Networks)公司的一项通过基于角色验证和限制用户访问来保护公司资源的服务。 Juniper Networks Juniper Identity Management Service(JIMS) 1.4.0之前版本存在安全漏洞,该漏洞源于Windows Installer框架中存在一个不正确的权限管理漏洞。攻击者利用该漏洞触发修复操作,向Windows Install
CVSS Information
N/A
Vulnerability Type
N/A