Multiple vulnerabilities in Juniper Junos



Risk Medium
Patch available YES
Number of vulnerabilities 4
CVE-ID CVE-2018-0009
CVE-2018-0008
CVE-2018-0004
CVE-2018-0006
CWE-ID CWE-264
CWE-400
Exploitation vector Network
Public exploit N/A
Vulnerable software
 Juniper Junos OS
Operating systems & Components / Operating system

Vendor Juniper Networks, Inc.

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Security restrictions bypass

EUVDB-ID: #VU10148

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2018-0009

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to improper access and privileges controls. A remote attacker can bypass the firewall to access resources on the target network when firewall rules are configured for custom application UUIDs that start with a zero.

Mitigation

The vulnerability is addressed in the following versions: 12.1X46-D71, 12.3X48-D55, 15.1X49-D100, 17.3R1.

Vulnerable software versions

Juniper Junos OS: 12.1X46-D67 - 15.2

CPE2.3 External links

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10836


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Privilege escalation

EUVDB-ID: #VU10149

Risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-0008

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a physically local attacker to gain elevated privileges on the target system.

The weakness exists due to improper access and privileges controls. A physically local attacker on the console can gain root access without authenticating after an authenticated administrator has run a commit script containing certain instructions and the system reboots into a "safe mode" authentication state.

Mitigation

The vulnerability is addressed in the following versions: 12.1X46-D71, 12.3X48-D55, 14.1R9, 14.1X53-D40, 14.2R7-S9, 14.2R8, 15.1F5-S7, 15.1F6-S8, 15.1R5-S6, 15.1R6, 15.1X49-D110, 15.1X53-D49, 15.1X53-D470, 15.1X53-D232, 15.1X53-D65, 16.1R2, 16.2R1.

Vulnerable software versions

Juniper Junos OS: 12.1X46-D67 - 16.1

CPE2.3 External links

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10835


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Resource exhaustion

EUVDB-ID: #VU10150

Risk: Low

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-0004

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to improper validation of user-supplied input. A remote attacker can send a sustained sequence of traffic that, when a certain command is issued by the administrator, will consume excessive CPU resources on the target system and cause the forwarding plane and/or control plane to become inaccessible.

Mitigation

The vulnerability is addressed in the following versions: 12.1X46-D50, 12.3R12-S7, 12.3X48-D30, 14.1R8-S4, 14.1R9, 14.1X53-D30, 14.1X53-D34, 14.2R8, 15.1F6, 15.1R3, 15.1X49-D40, 15.1X53-D31, 15.1X53-D33, 15.1X53-D60, 16.1R1.

Vulnerable software versions

Juniper Junos OS: 12.1X46-D67 - 15.2

CPE2.3 External links

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10832


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Resource exhaustion

EUVDB-ID: #VU10151

Risk: Low

CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-0006

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to cause DoS condition on the target system.

the weakness exists due to insufficient validation of user-supplied input. An adjacent attacker can send VLAN authentication attempts via the local broadcast domain to consume excessive memory on the target BBE subscriber management daemon (bbe-smgd) and cause denial of service conditions.

Mitigation

The vulnerability is addressed in the following versions: 15.1R6-S2, 15.1R7, 16.1R5-S1, 16.1R6, 16.2R2-S2, 16.2R3, 17.1R2-S5, 17.1R3, 17.2R2, 17.3R1, 17.4R1.

Vulnerable software versions

Juniper Junos OS: 15.1 - 17.3R1

CPE2.3 External links

https:kb.juniper.net/InfoCenter/index?page=content&id=JSA10834


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###