Multiple vulnerabilities in Juniper Junos

1) Security restrictions bypass

EUVDB-ID: #VU7508

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-2343

CWE-ID: CWE-798 - Use of Hard-coded Credentials

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain root access to the target system.

The weakness exists due to use of hard-coded authentication credentials by the Integrated User Firewall feature. A remote attacker can pass these credentials in clear text or in an encrypted format and gain control of the target system, other SRX Series devices in the same environment and Active Directory servers and services.

Successful exploitation of the vulnerability results in full control over the system.

Mitigation

Update to version 12.3X48-D35, 15.1X49-D50.

Vulnerable software versions

Juniper Junos OS: 12.3x48 - 15.1X49-D40

External links

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10791

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper input validation

EUVDB-ID: #VU7510

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-2345

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code.

The weakness exists due to insufficient validation of user-supplied data. A remote attacker can send a specially crafted SNMP packet to the target routing engine, cause the snmpd daemon to crash or execute arbitrary code on the system.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

The vulnerability is addressed in the following versions:
12.1X46-D67, 12.3X48-D51, 12.3X48-D55, 13.3R10-S2, 14.1R2-S10, 14.1R8-S4, 14.1R9, 14.1X53-D122, 14.1X53-D44, 14.1X53-D50, 14.2R7-S7, 14.2R8, 15.1F2-S18, 15.1F6-S7, 15.1R4-S8, 15.1R5-S5, 15.1R6-S1, 15.1R7, 15.1X49-D100, 15.1X53-D231, 15.1X53-D47, 15.1X53-D48, 15.1X53-D57, 15.1X53-D64, 15.1X53-D70, 16.1R3-S4, 16.1R4-S3, 16.1R5, 16.2R2, 17.1R1-S3, 17.1R2, 17.2R1-S1, 17.2R2, 17.3R1.

Vulnerable software versions

Juniper Junos OS: 10.2 - 16.1

Juniper Junos Space: 12.1 - 15.1

External links

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10793

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Authentication bypass

EUVDB-ID: #VU7509

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-10601

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass authentication on the target system.

The weakness exists due to a specific device configuration error. A remote attacker can bypass password-based authentication and gain access to the target system.

Mitigation

The vulnerability is addressed in the following versions:
12.3R10, 12.3R11, 12.3X48-D20, 13.2R8, 13.3R7, 14.1R4-S12, 14.1R5, 14.1R6, 14.1X53-D30, 14.2R4, 15.1F2, 15.1F3, 15.1R2, 15.1X49-D10, 16.1R1.

Vulnerable software versions

Juniper Junos OS: 12.3x48 - 15.1

Juniper Junos Space: 12.3

External links

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10802

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.