Man-in-the-middle attack in Juniper Junos OS - CVE-2018-0021
Published: April 17, 2018 / Updated: May 8, 2018
Vulnerability identifier: #VU11848
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-0021
CWE-ID: CWE-300
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Juniper Networks, Inc.
Affected software:
Juniper Junos OS
Detailed vulnerability description
The vulnerability allows a remote attacker to conduct a man-in-the-middle attack and obtain potentially sensitive information on the target system.
The weakness exists because, if fewer than all 64 digits of the connectivity association name (CKN) or fewer than all 32 digits of the connectivity association key (CAK) are configured, all remaining digits are auto-configured to 0. A remote attacker can discover the secret passphrases configured for these keys through dictionary-based and brute-force attacks using spoofed packets.
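A configuration check for the short-key condition described above, as an added example that is not part of the original advisory or Juniper's tooling. It assumes the MACsec pre-shared keys are available as cleartext hex in Junos set-format lines (for example in a provisioning template); the function name, field names and sample lines are constructed for illustration.

```python
import re

CKN_DIGITS = 64  # full CKN length stated in the advisory
CAK_DIGITS = 32  # full CAK length stated in the advisory

# Junos set-format MACsec pre-shared-key line carrying a CKN or CAK value.
PSK_RE = re.compile(
    r"^set security macsec connectivity-association (\S+) "
    r"pre-shared-key (ckn|cak) (\S+)$"
)

def audit(config_text):
    """Return one finding per CKN/CAK configured with fewer digits than the full length."""
    findings = []
    for line in config_text.splitlines():
        m = PSK_RE.match(line.strip())
        if not m:
            continue
        ca, kind, value = m.groups()
        value = value.strip('"')
        if not re.fullmatch(r"[0-9a-fA-F]+", value):
            continue  # encrypted ($9$...) or malformed value: cannot be judged here
        full = CKN_DIGITS if kind == "ckn" else CAK_DIGITS
        if len(value) < full:
            findings.append({
                "ca": ca,
                "key": kind,
                "configured_digits": len(value),
                "zero_filled_digits": full - len(value),
                # each configured hex digit carries at most 4 bits of secret
                "max_secret_bits": 4 * len(value),
            })
    return findings

# Constructed sample input, not taken from any real device.
SAMPLE = """\
set security macsec connectivity-association ca-short pre-shared-key ckn abcd1234
set security macsec connectivity-association ca-short pre-shared-key cak 0123456789abcdef
set security macsec connectivity-association ca-full pre-shared-key ckn """ + "a1" * 32 + """
set security macsec connectivity-association ca-full pre-shared-key cak """ + "b2" * 16 + """
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)  # the key value itself is never printed
```

Findings list only digit counts, so the output can be shared in a ticket without exposing key material.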
How to mitigate CVE-2018-0021
Update to versions 14.1R9, 14.1X53-D47, 15.1R4-S9, 15.1R6-S6, 15.1R7, 15.1X49-D100, 15.1X53-D59, 16.1R3-S8, 16.1R4-S8, 16.1R5, 16.2R1-S6, 16.2R2, 17.1R2, 17.2R1 or later.