cvelist/2019/0xxx/CVE-2019-0053.json

{
    "CVE_data_meta": {
        "ASSIGNER": "sirt@juniper.net",
        "DATE_PUBLIC": "2019-07-10T16:00:00.000Z",
        "ID": "CVE-2019-0053",
        "STATE": "PUBLIC",
        "TITLE": "Junos OS: Insufficient validation of environment variables in telnet client may lead to stack-based buffer overflow"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "Juniper Networks",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Junos OS",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_value": "12.3 versions prior to 12.3R12-S13"
                                        },
                                        {
                                            "version_value": "12.3X48 versions prior to 12.3X48-D80"
                                        },
                                        {
                                            "version_value": "14.1X53 versions prior to 14.1X53-D130 and 14.1X53-D49"
                                        },
                                        {
                                            "version_value": "15.1 versions prior to 15.1F6-S12 and15.1R7-S4"
                                        },
                                        {
                                            "version_value": "15.1X49 versions prior to 15.1X49-D170"
                                        },
                                        {
                                            "version_value": "15.1X53 versions prior to 15.1X53-D237 and 15.1X53-D496 and 15.1X53-D591 and 15.1X53-D69"
                                        },
                                        {
                                            "version_value": "16.1 versions prior to 16.1R3-S11 and 16.1R7-S4"
                                        },
                                        {
                                            "version_value": "16.2 versions prior to 16.2R2-S9"
                                        },
                                        {
                                            "version_value": "17.1 versions prior to 17.1R3"
                                        },
                                        {
                                            "version_value": "17.2 versions prior to 17.2R1-S8 and 17.2R2-S7 and 17.2R3-S1"
                                        },
                                        {
                                            "version_value": "17.3 versions prior to 17.3R3-S4"
                                        },
                                        {
                                            "version_value": "17.4 versions prior to 17.4R1-S6 and 17.4R2-S3 and 17.4R3"
                                        },
                                        {
                                            "version_value": "18.1 versions prior to 18.1R2-S4 and 18.1R3-S3"
                                        },
                                        {
                                            "version_value": "18.2 versions prior to 18.2R1-S5 and 18.2R2-S2 and 18.2R3"
                                        },
                                        {
                                            "version_value": "18.2X75 versions prior to 18.2X75-D40"
                                        },
                                        {
                                            "version_value": "18.3 versions prior to 18.3R1-S3 and 18.3R2"
                                        },
                                        {
                                            "version_value": "18.4 versions prior to 18.4R1-S2 and 18.4R2"
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "credit": [
        {
            "lang": "eng",
            "value": "Matthew Hickey, Hacker House (https://hacker.house/) who reported this issue on November 12, 2018.\n\n"
        }
    ],
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "Insufficient validation of environment variables in the telnet client supplied in Junos OS can lead to stack-based buffer overflows, which can be exploited to bypass veriexec restrictions on Junos OS. A stack-based overflow is present in the handling of environment variables when connecting via the telnet client to remote telnet servers. This issue only affects the telnet client \u2014 accessible from the CLI or shell \u2014 in Junos OS. Inbound telnet services are not affected by this issue. This issue affects: Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S13; 12.3X48 versions prior to 12.3X48-D80; 14.1X53 versions prior to 14.1X53-D130, 14.1X53-D49; 15.1 versions prior to 15.1F6-S12, 15.1R7-S4; 15.1X49 versions prior to 15.1X49-D170; 15.1X53 versions prior to 15.1X53-D237, 15.1X53-D496, 15.1X53-D591, 15.1X53-D69; 16.1 versions prior to 16.1R3-S11, 16.1R7-S4; 16.2 versions prior to 16.2R2-S9; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R2-S7, 17.2R3-S1; 17.3 versions prior to 17.3R3-S4; 17.4 versions prior to 17.4R1-S6, 17.4R2-S3, 17.4R3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S3; 18.2 versions prior to 18.2R1-S5, 18.2R2-S2, 18.2R3; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R1-S3, 18.3R2; 18.4 versions prior to 18.4R1-S2, 18.4R2."
            }
        ]
    },
    "exploit": [
        {
            "lang": "eng",
            "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
    ],
    "generator": {
        "engine": "Vulnogram 0.0.6"
    },
    "impact": {
        "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-121 Stack-based Buffer Overflow"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "name": "https://kb.juniper.net/JSA10947",
                "refsource": "CONFIRM",
                "url": "https://kb.juniper.net/JSA10947"
            },
            {
                "name": "https://www.exploit-db.com/exploits/45982",
                "refsource": "MISC",
                "url": "https://www.exploit-db.com/exploits/45982"
            },
            {
                "refsource": "FREEBSD",
                "name": "FreeBSD-SA-19:12",
                "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:12.telnet.asc"
            }
        ]
    },
    "solution": [
        {
            "lang": "eng",
            "value": "The following software releases have been updated to resolve this specific issue: 12.3R12-S13, 12.3X48-D80, 12.3X48-D85, 14.1X53-D130, 14.1X53-D49, 15.1F6-S12, 15.1R7-S4, 15.1X49-D170, 15.1X53-D237, 15.1X53-D496, 15.1X53-D591, 15.1X53-D69, 16.1R3-S11, 16.1R7-S4, 16.2R2-S9, 17.1R3, 17.2R1-S8, 17.2R2-S7, 17.2R3-S1, 17.3R3-S4, 17.4R1-S6, 17.4R2-S3, 17.4R3, 18.1R2-S4, 18.1R3-S3, 18.2R1-S5, 18.2R2-S2, 18.2R3, 18.2X75-D40, 18.3R1-S3, 18.3R2, 18.4R1-S2, 18.4R2, 19.1R1, and all subsequent releases.\n"
        }
    ],
    "source": {
        "advisory": "JSA10947",
        "defect": [
            "1409847"
        ],
        "discovery": "EXTERNAL"
    },
    "work_around": [
        {
            "lang": "eng",
            "value": "Since this issue is specific to outbound connections to a malicious host from the local telnet client, mitigation includes:\n* limit access to the Junos CLI and shell from only from trusted administrators\n* block outbound telnet connections\n* deny access to the telnet command and shell per user or user class"
        }
    ]
}
- Synchronized data. 2018-10-11 10:06:06 -04:00			`{`
"-Synchronized-Data." 2019-07-11 20:00:53 +00:00			`"CVE_data_meta": {`
			`"ASSIGNER": "sirt@juniper.net",`
			`"DATE_PUBLIC": "2019-07-10T16:00:00.000Z",`
			`"ID": "CVE-2019-0053",`
			`"STATE": "PUBLIC",`
			`"TITLE": "Junos OS: Insufficient validation of environment variables in telnet client may lead to stack-based buffer overflow"`
			`},`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"vendor_name": "Juniper Networks",`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "Junos OS",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_value": "12.3 versions prior to 12.3R12-S13"`
			`},`
			`{`
			`"version_value": "12.3X48 versions prior to 12.3X48-D80"`
			`},`
			`{`
			`"version_value": "14.1X53 versions prior to 14.1X53-D130 and 14.1X53-D49"`
			`},`
			`{`
			`"version_value": "15.1 versions prior to 15.1F6-S12 and15.1R7-S4"`
			`},`
			`{`
			`"version_value": "15.1X49 versions prior to 15.1X49-D170"`
			`},`
			`{`
			`"version_value": "15.1X53 versions prior to 15.1X53-D237 and 15.1X53-D496 and 15.1X53-D591 and 15.1X53-D69"`
			`},`
			`{`
			`"version_value": "16.1 versions prior to 16.1R3-S11 and 16.1R7-S4"`
			`},`
			`{`
			`"version_value": "16.2 versions prior to 16.2R2-S9"`
			`},`
			`{`
			`"version_value": "17.1 versions prior to 17.1R3"`
			`},`
			`{`
			`"version_value": "17.2 versions prior to 17.2R1-S8 and 17.2R2-S7 and 17.2R3-S1"`
			`},`
			`{`
			`"version_value": "17.3 versions prior to 17.3R3-S4"`
			`},`
			`{`
			`"version_value": "17.4 versions prior to 17.4R1-S6 and 17.4R2-S3 and 17.4R3"`
			`},`
			`{`
			`"version_value": "18.1 versions prior to 18.1R2-S4 and 18.1R3-S3"`
			`},`
			`{`
			`"version_value": "18.2 versions prior to 18.2R1-S5 and 18.2R2-S2 and 18.2R3"`
			`},`
			`{`
			`"version_value": "18.2X75 versions prior to 18.2X75-D40"`
			`},`
			`{`
			`"version_value": "18.3 versions prior to 18.3R1-S3 and 18.3R2"`
			`},`
			`{`
			`"version_value": "18.4 versions prior to 18.4R1-S2 and 18.4R2"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`},`
			`"credit": [`
			`{`
			`"lang": "eng",`
			`"value": "Matthew Hickey, Hacker House (https://hacker.house/) who reported this issue on November 12, 2018.\n\n"`
			`}`
			`],`
			`"data_format": "MITRE",`
			`"data_type": "CVE",`
			`"data_version": "4.0",`
			`"description": {`
			`"description_data": [`
"-Synchronized-Data." 2019-03-18 03:56:51 +00:00			`{`
"-Synchronized-Data." 2019-07-11 20:00:53 +00:00			`"lang": "eng",`
			"value": "Insufficient validation of environment variables in the telnet client supplied in Junos OS can lead to stack-based buffer overflows, which can be exploited to bypass veriexec restrictions on Junos OS. A stack-based overflow is present in the handling of environment variables when connecting via the telnet client to remote telnet servers. This issue only affects the telnet client \u2014 accessible from the CLI or shell \u2014 in Junos OS. Inbound telnet services are not affected by this issue. This issue affects: Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S13; 12.3X48 versions prior to 12.3X48-D80; 14.1X53 versions prior to 14.1X53-D130, 14.1X53-D49; 15.1 versions prior to 15.1F6-S12, 15.1R7-S4; 15.1X49 versions prior to 15.1X49-D170; 15.1X53 versions prior to 15.1X53-D237, 15.1X53-D496, 15.1X53-D591, 15.1X53-D69; 16.1 versions prior to 16.1R3-S11, 16.1R7-S4; 16.2 versions prior to 16.2R2-S9; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R2-S7, 17.2R3-S1; 17.3 versions prior to 17.3R3-S4; 17.4 versions prior to 17.4R1-S6, 17.4R2-S3, 17.4R3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S3; 18.2 versions prior to 18.2R1-S5, 18.2R2-S2, 18.2R3; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R1-S3, 18.3R2; 18.4 versions prior to 18.4R1-S2, 18.4R2."
"-Synchronized-Data." 2019-03-18 03:56:51 +00:00			`}`
"-Synchronized-Data." 2019-07-11 20:00:53 +00:00			`]`
			`},`
			`"exploit": [`
			`{`
CVE assignments in Juniper July 2019 advisory bundle. 2019-07-10 15:42:52 -04:00			`"lang": "eng",`
"-Synchronized-Data." 2019-07-11 20:00:53 +00:00			`"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."`
			`}`
			`],`
			`"generator": {`
			`"engine": "Vulnogram 0.0.6"`
			`},`
			`"impact": {`
			`"cvss": {`
			`"attackComplexity": "LOW",`
			`"attackVector": "LOCAL",`
			`"availabilityImpact": "HIGH",`
			`"baseScore": 7.8,`
			`"baseSeverity": "HIGH",`
			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "HIGH",`
			`"privilegesRequired": "LOW",`
			`"scope": "UNCHANGED",`
			`"userInteraction": "NONE",`
			`"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",`
			`"version": "3.0"`
			`}`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "CWE-121 Stack-based Buffer Overflow"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"name": "https://kb.juniper.net/JSA10947",`
			`"refsource": "CONFIRM",`
			`"url": "https://kb.juniper.net/JSA10947"`
			`},`
			`{`
			`"name": "https://www.exploit-db.com/exploits/45982",`
			`"refsource": "MISC",`
			`"url": "https://www.exploit-db.com/exploits/45982"`
"-Synchronized-Data." 2019-07-24 15:00:55 +00:00			`},`
			`{`
			`"refsource": "FREEBSD",`
			`"name": "FreeBSD-SA-19:12",`
			`"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:12.telnet.asc"`
"-Synchronized-Data." 2019-07-11 20:00:53 +00:00			`}`
			`]`
			`},`
			`"solution": [`
			`{`
			`"lang": "eng",`
			"value": "The following software releases have been updated to resolve this specific issue: 12.3R12-S13, 12.3X48-D80, 12.3X48-D85, 14.1X53-D130, 14.1X53-D49, 15.1F6-S12, 15.1R7-S4, 15.1X49-D170, 15.1X53-D237, 15.1X53-D496, 15.1X53-D591, 15.1X53-D69, 16.1R3-S11, 16.1R7-S4, 16.2R2-S9, 17.1R3, 17.2R1-S8, 17.2R2-S7, 17.2R3-S1, 17.3R3-S4, 17.4R1-S6, 17.4R2-S3, 17.4R3, 18.1R2-S4, 18.1R3-S3, 18.2R1-S5, 18.2R2-S2, 18.2R3, 18.2X75-D40, 18.3R1-S3, 18.3R2, 18.4R1-S2, 18.4R2, 19.1R1, and all subsequent releases.\n"
			`}`
			`],`
			`"source": {`
			`"advisory": "JSA10947",`
			`"defect": [`
			`"1409847"`
			`],`
			`"discovery": "EXTERNAL"`
			`},`
			`"work_around": [`
			`{`
			`"lang": "eng",`
			`"value": "Since this issue is specific to outbound connections to a malicious host from the local telnet client, mitigation includes:\n* limit access to the Junos CLI and shell from only from trusted administrators\n* block outbound telnet connections\n* deny access to the telnet command and shell per user or user class"`
			`}`
			`]`
"-Synchronized-Data." 2019-03-18 03:56:51 +00:00			`}`