Multiple vulnerabilities in Juniper products
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 12 |
| CVE-ID | CVE-2018-0016 CVE-2018-0017 CVE-2018-0018 CVE-2018-0019 CVE-2018-0020 CVE-2015-2080 CVE-2017-1000385 CVE-2014-0016 CVE-2008-2420 CVE-2018-0021 CVE-2018-0022 CVE-2018-0023 |
| CWE-ID | CWE-20 CWE-703 CWE-16 CWE-404 CWE-200 CWE-300 CWE-332 CWE-284 CWE-401 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #6 is available. Public exploit code for vulnerability #7 is available. |
| Vulnerable software Subscribe |
Juniper Junos OS Operating systems & Components / Operating system Jetty Server applications / Web servers Northstar Controller Server applications / Other server solutions Stunnel Client/Desktop applications / Encryption software |
| Vendor |
Juniper Networks, Inc. Eclipse Stunnel.org |
Security Bulletin
This security bulletin contains information about 12 vulnerabilities.
1) Improper input validation
EUVDB-ID: #VU11839
Risk: High
CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-0016
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.
The weakness exists due to unspecified flaw. A remote attacker can submit specially crafted CLNP packets, cause the service to crash or execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
Update to versions 15.1F5-S3, 15.1F6-S8, 15.1F7, 15.1R5, 15.1X49-D60, 15.1X53-D66, 15.1X53-D233, 15.1X53-D471, 16.1R1 or later.
Vulnerable software versionsJuniper Junos OS: 15.1F1 - 15.1X53
External linkshttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10844&actp=METADATA
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper check or handling of exceptional conditions
EUVDB-ID: #VU11840
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-0017
CWE-ID:
CWE-703 - Improper Check or Handling of Exceptional Conditions
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists in flowd daemon due to failure to handle exceptional conditions. A remote attacker can submit a specially crafted valid IPv6 packet and cause the service to crash.
Update to versions 12.1X46-D76, 12.3X48-D55, 15.1X49-D90, 17.3R1 or later.
Vulnerable software versionsJuniper Junos OS: 12.1x46 - 15.1X49
External linkshttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10845&actp=METADATA
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Configuration error
EUVDB-ID: #VU11841
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-0018
CWE-ID:
CWE-16 - Configuration
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information and bypass security restrictions on the target system.
The weakness exists due to configuration error. A remote attacker can submit specially crafted packets, gain access to potentially sensitive information and bypass firewall rules of IDP policies.
Update to versions 12.1X46-D60, 12.3X48-D35, 15.1X49-D60, 17.3R1 or later.
Vulnerable software versionsJuniper Junos OS: 12.1x46 - 15.1X49
External linkshttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10846&actp=METADATA
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Improper resource shutdown
EUVDB-ID: #VU11842
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-0019
CWE-ID:
CWE-404 - Improper Resource Shutdown or Release
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists in SNMP MIB-II subagent daemon (mib2d) due to unspecified flaw. A remote attacker can cause the service to crash.
Update to versions 12.3R12-S7, 12.3R13, 12.3X48-D65, 14.1R9, 14.1X53-D130, 15.1F2-S20, 15.1F6-S10, 15.1R7, 15.1X49-D130, 15.1X53-D233, 15.1X53-D471, 15.1X53-D472, 15.1X53-D58, 15.1X53-D66, 16.1R5-S3, 16.1R7, 16.1X65-D65, 16.1X70-D10, 16.2R1-S6, 16.2R2-S5, 16.2R3, 17.1R2-S6, 17.1R3, 17.2R1 or later.
Vulnerable software versionsJuniper Junos OS: 12.1x46 - 17.1
External linkshttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10847&actp=METADATA
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Improper input validation
EUVDB-ID: #VU11843
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-0020
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists in rpd daemon cores due to unspecified flaw. A remote attacker can submit a specially crafted BGP UPDATE and cause the service to crash.
Update to versions 14.1X53-D47, 15.1F6-S10, 15.1R4-S9, 15.1R6-S6, 15.1R7, 15.1X49-D130, 15.1X53-D233, 15.1X53-D471, 15.1X53-D58, 15.1X53-D66, 16.1R3-S8, 16.1R4-S9, 16.1R5-S3, 16.1R6-S3, 16.1R7, 16.1X65-D47, 16.2R1-S6, 16.2R2-S5, 16.2R3, 17.1R2-S3, 17.1R3, 17.2R1-S3, 17.2R2-S1, 17.2R3, 17.2X75-D70, 17.3R1 or later.
Vulnerable software versionsJuniper Junos OS: 14.1x53 - 17.2X75
External linkshttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10848&actp=METADATA
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Information disclosure
EUVDB-ID: #VU11844
Risk: Low
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2015-2080
CWE-ID:
CWE-200 - Information exposure
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists in an HTTP header, aka JetLeak due to improper initialization of process memory. A remote attacker can gain access to potentially sensitive information.
Update to versions 8.2.0-R18, 8.3.0-R11, 8.4.1-R5 or later.
Vulnerable software versionsJetty: 8.2.0 - 8.4.1
External linkshttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10849&cat=SIRT_1&actp=LIST
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
7) Man-in-the-middle attack
EUVDB-ID: #VU11845
Risk: Low
CVSSv3.1: 3.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:F/RL:O/RC:C]
CVE-ID: CVE-2017-1000385
CWE-ID:
CWE-300 - Channel Accessible by Non-Endpoint ('Man-in-the-Middle')
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to conduct man-in-the-middle attack on the target system.
The weakness exists due to performing RSA decryption and signing operations with the private key of a TLS server. A remote attacker can gain access to potentially sensitive information.
Update to versions 3.0.1, 3.2.1, 4.0.0 or later.
Vulnerable software versionsNorthstar Controller: 3.0 - 3.2
External linkshttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10850&cat=SIRT_1&actp=LIST
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
8) Insufficient entropy in PRNG
EUVDB-ID: #VU11846
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2014-0016
CWE-ID:
CWE-332 - Insufficient Entropy in PRNG
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the targets system.
The weakness exists due to improper update of the state of the OpenSSL pseudo-random number generator (PRNG), which causes subsequent children with the same process ID to use the same entropy pool, when using fork threading. A remote attacker can gain access to potentially sensitive information.
Update to version 5.00.
Vulnerable software versionsStunnel: 4.50 - 4.57
External linkshttp://www.stunnel.org/sdf_ChangeLog.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Improper access control
EUVDB-ID: #VU11847
Risk: Low
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2008-2420
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists in the OCSP functionality due to improper search of certificate revocation lists (CRL). A remote attacker can use revoked certificates and bypass intended access restrictions.
Update to version 4.24.
Vulnerable software versionsStunnel: 4.20 - 4.23
External linkshttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10852&cat=SIRT_1&actp=LIST
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Man-in-the-middle attack
EUVDB-ID: #VU11848
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-0021
CWE-ID:
CWE-300 - Channel Accessible by Non-Endpoint ('Man-in-the-Middle')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to conduct man-in-the-middle attack and obtain potentially sensitive information on the target system.
The weakness exists due to if all 64 digits of the connectivity association name (CKN) key or all 32 digits of the connectivity association key (CAK) key are not configured, all remaining digits will be auto-configured to 0. A remote attacker can discover the secret passphrases configured for these keys through dictionary-based and brute-force-based attacks using spoofed packets.
Update to versions 14.1R9, 14.1X53-D47, 15.1R4-S9, 15.1R6-S6, 15.1R7, 15.1X49-D100, 15.1X53-D59, 16.1R3-S8, 16.1R4-S8, 16.1R5, 16.2R1-S6, 16.2R2, 17.1R2, 17.2R1 or later.
Vulnerable software versionsJuniper Junos OS: 14.1 - 17.1
External linkshttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10854&cat=SIRT_1&actp=LIST
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Memory leak
EUVDB-ID: #VU11849
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-0022
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to an mbuf leak when processing a specific MPLS packet. Approximately 1 mbuf is leaked per each packet processed. The number of mbufs is platform dependent. The following command provides the number of mbufs that are currently in use and maximum number of mbufs that can be allocated on a platform:
> show system buffers Once the device runs out of mbufs a remote attacker can cause the service to crash.
2437/3143/5580 mbufs in use (current/cache/total)
Update to versions 12.1X46-D76, 12.3X48-D66, 12.3X48-D70, 14.1R9, 14.1X53-D47, 14.2R8, 15.1F2-S19, 15.1F6-S10, 15.1R4-S9, 15.1R5-S7, 15.1R6-S4, 15.1R7, 15.1X49-D131, 15.1X49-D140, 15.1X53-D233, 15.1X53-D471, 15.1X53-D58, 15.1X53-D66, 16.1R3-S8, 16.1R4-S6, 16.1R5, 16.2R1-S6, 16.2R2-S5, 16.2R3, 17.1R1-S7, 17.1R2-S6, 17.1R3, 17.2R1-S5, 17.2R2, 17.3R1 or later.
Vulnerable software versionsJuniper Junos OS: 12.1x46 - 17.2
External linkshttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10855&cat=SIRT_1&actp=LIST
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Configuration error
EUVDB-ID: #VU11850
Risk: Low
CVSSv3.1: 4.5 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-0023
CWE-ID:
CWE-16 - Configuration
Exploit availability: No
DescriptionThe vulnerability allows a local unauthenticated attacker to obtain potentially sensitive information and write arbitrary files on the target system.
The weakness exists due to the default configuration and sample files of JSNAPy automation tool are created world writable. A local attacker can alter the files under the directory including inserting operations not intended by the package maintainer, system administrator, or other users.
Update to version 1.3.
Vulnerable software versionsJuniper Junos OS: 1.2 - 1.2.1
External linkshttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10856&cat=SIRT_1&actp=LIST
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
