Multiple vulnerabilities in Juniper Junos



Published: 2017-07-14
Risk: Medium
Patch available: YES
Number of vulnerabilities: 12
CVE-ID: CVE-2017-2341, CVE-2017-10602, CVE-2017-10603, CVE-2017-2344, CVE-2017-2349, CVE-2017-2346, CVE-2017-2348, CVE-2017-10604, CVE-2017-2314, CVE-2017-2347, CVE-2017-10605, CVE-2017-2342
CWE-ID: CWE-287, CWE-120, CWE-611, CWE-78, CWE-20, CWE-400, CWE-264, CWE-200
Exploitation vector: Network
Public exploit: N/A
Vulnerable software
Juniper Junos OS
Operating systems & Components / Operating system

Vendor: Juniper Networks, Inc.

Security Bulletin

This security bulletin contains information about 12 vulnerabilities.

1) Privilege escalation

EUVDB-ID: #VU7529

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-2341

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to an authentication flaw. A local attacker on a virtualized instance can gain host privileges.

Successful exploitation of the vulnerability results in privilege escalation.

Mitigation

The vulnerability is addressed in the following versions:
14.1X53-D40, 15.1R5, 15.1X49-D70, 16.1R2

Vulnerable software versions

Juniper Junos OS: 14.1x53 - 16.1

External links

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10787


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Buffer overflow

EUVDB-ID: #VU7530

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-10602

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to a buffer overflow in the command line interface (CLI). A local attacker with read-only privileges can trigger memory corruption and execute arbitrary code with root privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

The vulnerability is addressed in the following versions:
14.2R6, 15.1F5, 15.1F6, 15.1R3, 15.1X49-D40, 15.1X53-D47, 15.1X53-D70, 16.1R1.

Vulnerable software versions

Juniper Junos OS: 14.1x53 - 15.1X53

External links

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10803


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) XML injection

EUVDB-ID: #VU7532

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-10603

CWE-ID: CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to improper handling of XML External Entity (XXE) entries when parsing XML data. A local attacker can inject XML data via the command line interface (CLI) and execute arbitrary commands with root privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

The vulnerability is addressed in the following versions:
15.1X53-D47, 15.1R3.

Vulnerable software versions

Juniper Junos OS: 15.1 - 15.1X53

External links

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10805


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Buffer overflow

EUVDB-ID: #VU7533

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-2344

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges or cause a DoS condition on the system.

The weakness exists due to a buffer overflow in an internal Junos OS sockets library. A local attacker can run a specially crafted application, trigger memory corruption, and cause a kernel panic or execute arbitrary code with root privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

The vulnerability is addressed in the following versions:
12.1X46-D67, 12.3X48-D51, 12.3X48-D55, 13.3R10-S2, 14.1R2-S10, 14.1R8-S4, 14.1R9, 14.1X53-D122, 14.1X53-D45, 14.1X53-D50, 14.2R7-S7, 14.2R8, 15.1F2-S18, 15.1F6-S7, 15.1R4-S8, 15.1R5-S5, 15.1R6-S1, 15.1R7, 15.1X49-D100, 15.1X53-D231, 15.1X53-D47, 15.1X53-D48, 15.1X53-D57, 15.1X53-D64, 15.1X53-D70, 16.1R3-S4, 16.1R4-S3, 16.1R4-S4, 16.1R5, 16.2R2, 17.1R1-S3, 17.1R2, 17.2R1-S1, 17.2R2, 17.3R1.

Vulnerable software versions

Juniper Junos OS: 12.1 - 16.1

External links

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10787


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) OS command injection

EUVDB-ID: #VU7534

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-2349

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to gain elevated privileges.

The weakness exists due to a command injection flaw in the IDP feature. A remote attacker can execute shell commands and gain root privileges on the system.

Successful exploitation of the vulnerability results in privilege escalation.

Mitigation

The vulnerability is addressed in the following versions:
12.1X44-D60, 12.1X47-D30, 12.1X47-D35, 12.3X48-D20, 12.3X48-D30, 15.1X49-D20, 15.1X49-D30, 12.1X46-D50.

Vulnerable software versions

Juniper Junos OS: 12.1x44 - 15.1X49

External links

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10801


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Denial of service

EUVDB-ID: #VU7535

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-2346

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to improper input validation. A remote attacker can send specially crafted large fragmented packets through an Application Layer Gateway (ALG) to cause the target MS-MPC or MS-MIC Service PIC to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

The vulnerability is addressed in the following versions:
14.1X55-D35, 14.2R7-S4, 14.2R8, 15.1R5-S2, 15.1R6, 16.1R3-S2, 16.1R4.

Vulnerable software versions

Juniper Junos OS: 14.1x55 - 16.1R

External links

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10794


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Resource exhaustion

EUVDB-ID: #VU7536

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-2348

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to resource exhaustion. A remote attacker can send a specially crafted IPv6 UDP packet to cause the target Juniper Enhanced jdhcpd daemon to consume excessive CPU resources and crash or restart.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

The vulnerability is addressed in the following versions:
14.1X53-D12, 14.1X53-D38, 14.1X53-D40, 15.1F2-S18, 15.1R4, 15.1X49-D80, 15.1X53-D51, 15.1X53-D60, 16.1R1.

Vulnerable software versions

Juniper Junos OS: 14.1x53 - 15.1X53

External links

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10800


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Denial of service

EUVDB-ID: #VU7537

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-10604

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to an error in cluster mode on SRX Series systems. A remote attacker can attempt to log in to the root account with an incorrect password to trigger a lockout of the root account.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

The vulnerability is addressed in the following versions:
12.1X46-D65, 12.3X48-D45, 15.1X49-D75.

Vulnerable software versions

Juniper Junos OS: 12.1x46 - 15.1X49

External links

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10806


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Denial of service

EUVDB-ID: #VU7538

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-2314

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to improper input validation. A remote attacker can send a specially crafted BGP OPEN message to cause the target routing protocol daemon (rpd) process to crash and restart.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

The vulnerability is addressed in the following versions:
12.3R12-S4, 12.3R13, 12.3R3-S4, 12.3X48-D50, 13.3R10, 13.3R4-S11, 14.1R8-S3, 14.1R9, 14.1X53-D40, 14.1X55-D35, 14.2R4-S7, 14.2R6-S4, 14.2R7, 15.1F2-S11, 15.1F4-S1-J1, 15.1F5-S3, 15.1F6, 15.1R4, 15.1X49-D100, 15.1X53-D33, 15.1X53-D50, 16.1R1, 16.2R1.

Vulnerable software versions

Juniper Junos OS: 12.3 - 16.1

External links

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10779


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Denial of service

EUVDB-ID: #VU7539

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-2347

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to cause a DoS condition on the target system.

The weakness exists due to improper input validation. An adjacent attacker can send a specially crafted MPLS ping packet to cause the target rpd daemon to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

The vulnerability is addressed in the following versions:
12.3X48-D50, 12.3X48-D55, 13.3R10, 14.1R4-S13, 14.1R8-S3, 14.1R9, 14.1X53-D42, 14.1X53-D50, 14.2R4-S8, 14.2R7-S6, 14.2R8, 15.1F2-S14, 15.1F5-S7, 15.1F6-S4, 15.1F7, 15.1R4-S7, 15.1R5-S1, 15.1R6, 15.1X49-D100, 15.1X53-D105, 15.1X53-D47, 15.1X53-D62, 15.1X53-D70, 16.1R3-S3, 16.1R4, 16.2R1, 17.1R1.

Vulnerable software versions

Juniper Junos OS: 12.3x48 - 16.1

External links

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10795


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Denial of service

EUVDB-ID: #VU7540

Risk: Medium

CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-10605

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to improper input validation. A remote attacker can send a specially crafted packet to cause the target flowd process to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

The vulnerability is addressed in the following versions:
12.1x46-D67, 12.3X48-D55, 15.1X49-D91, 15.1X49-D100.

Vulnerable software versions

Juniper Junos OS: 12.1x46 - 15.1X49

External links

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10789


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Denial of service

EUVDB-ID: #VU7541

Risk: Medium

CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-2342

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists because the system falls back to an unencrypted link when MACsec is configured on a port that is not capable of MACsec or when a secure link cannot be established. A remote attacker who can monitor the network can view potentially sensitive information on the target link.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

The vulnerability is addressed in the following versions:
15.1X49-D100.

Vulnerable software versions

Juniper Junos OS: 15.1X49 - 15.1X49-D50

External links

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10790


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


