- Synchronized data.

CVE Team 2018-07-11 14:03:23 -04:00
parent 718b636da5
commit 91f84108fb
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
18 changed files with 1499 additions and 1499 deletions


@ -1,158 +1,158 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2017-07-12T15:00:00.000Z",
"ID": "CVE-2017-10602",
"STATE": "PUBLIC",
"TITLE": "Junos OS: buffer overflow vulnerability in Junos CLI"
"CVE_data_meta" : {
"ASSIGNER" : "sirt@juniper.net",
"DATE_PUBLIC" : "2017-07-12T15:00:00.000Z",
"ID" : "CVE-2017-10602",
"STATE" : "PUBLIC",
"TITLE" : "Junos OS: buffer overflow vulnerability in Junos CLI"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Junos OS",
"version": {
"version_data": [
"product_name" : "Junos OS",
"version" : {
"version_data" : [
{
"affected": "<",
"platform": "EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100;",
"version_name": "14.1X53",
"version_value": "14.1X53-D46"
"affected" : "<",
"platform" : "EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100;",
"version_name" : "14.1X53",
"version_value" : "14.1X53-D46"
},
{
"affected": "<",
"version_name": "14.2",
"version_value": "14.2R4-S9, 14.2R6"
"affected" : "<",
"version_name" : "14.2",
"version_value" : "14.2R4-S9, 14.2R6"
},
{
"affected": "<",
"version_name": "15.1",
"version_value": "15.1F5, 15.1R3"
"affected" : "<",
"version_name" : "15.1",
"version_value" : "15.1F5, 15.1R3"
},
{
"affected": "<",
"platform": "SRX Series",
"version_name": "15.1X49",
"version_value": "15.1X49-D40"
"affected" : "<",
"platform" : "SRX Series",
"version_name" : "15.1X49",
"version_value" : "15.1X49-D40"
},
{
"affected": "<",
"platform": "NFX150, NFX250",
"version_name": "15.1X53",
"version_value": "15.1X53-D47"
"affected" : "<",
"platform" : "NFX150, NFX250",
"version_name" : "15.1X53",
"version_value" : "15.1X53-D47"
},
{
"affected": "<",
"platform": "QFX10000 Series",
"version_name": "15.1X53",
"version_value": "15.1X53-D65"
"affected" : "<",
"platform" : "QFX10000 Series",
"version_name" : "15.1X53",
"version_value" : "15.1X53-D65"
},
{
"affected": "<",
"platform": "QFabric System",
"version_name": "14.1X53",
"version_value": "14.1X53-D130"
"affected" : "<",
"platform" : "QFabric System",
"version_name" : "14.1X53",
"version_value" : "14.1X53-D130"
},
{
"affected": "<",
"platform": "QFX5110, QFX5200",
"version_name": "15.1X53",
"version_value": "15.1X53-D233"
"affected" : "<",
"platform" : "QFX5110, QFX5200",
"version_name" : "15.1X53",
"version_value" : "15.1X53-D233"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
"vendor_name" : "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "A buffer overflow vulnerability in Junos OS CLI may allow a local authenticated user with read only privileges and access to Junos CLI, to execute code with root privileges.\nAffected releases are Juniper Networks Junos OS:\n14.1X53 versions prior to 14.1X53-D46 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100;\n14.1X53 versions prior to 14.1X53-D130 on QFabric System;\n14.2 versions prior to 14.2R4-S9, 14.2R6;\n15.1 versions prior to 15.1F5, 15.1R3;\n15.1X49 versions prior to 15.1X49-D40 on SRX Series;\n15.1X53 versions prior to 15.1X53-D47 on NFX150, NFX250;\n15.1X53 versions prior to 15.1X53-D65 on QFX10000 Series;\n15.1X53 versions prior to 15.1X53-D233 on QFX5110, QFX5200."
"lang" : "eng",
"value" : "A buffer overflow vulnerability in Junos OS CLI may allow a local authenticated user with read only privileges and access to Junos CLI, to execute code with root privileges. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D46 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100; 14.1X53 versions prior to 14.1X53-D130 on QFabric System; 14.2 versions prior to 14.2R4-S9, 14.2R6; 15.1 versions prior to 15.1F5, 15.1R3; 15.1X49 versions prior to 15.1X49-D40 on SRX Series; 15.1X53 versions prior to 15.1X53-D47 on NFX150, NFX250; 15.1X53 versions prior to 15.1X53-D65 on QFX10000 Series; 15.1X53 versions prior to 15.1X53-D233 on QFX5110, QFX5200."
}
]
},
"exploit": [
"exploit" : [
{
"lang": "eng",
"value": "This issue was found during internal product security testing. Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
"lang" : "eng",
"value" : "This issue was found during internal product security testing. Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "HIGH",
"attackVector" : "LOCAL",
"availabilityImpact" : "HIGH",
"baseScore" : 7,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "HIGH",
"privilegesRequired" : "LOW",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "buffer overflow in Junos CLI"
"lang" : "eng",
"value" : "buffer overflow in Junos CLI"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "https://kb.juniper.net/JSA10803",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10803"
"name" : "https://kb.juniper.net/JSA10803",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/JSA10803"
},
{
"name": "100323",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100323"
"name" : "100323",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100323"
},
{
"name": "1038900",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038900"
"name" : "1038900",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038900"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 14.1X53-D46, 14.1X53-D130*, 14.2R4-S9, 14.2R6, 15.1F5, 15.1R3, 15.1X49-D40, 15.1X53-D47, 15.1X53-D65, 15.1X53-D233 16.1R1, and all subsequent releases.\n\n*Pending Publication\nThis issue is being tracked as PR 1149652 and is visible on the Customer Support website."
"lang" : "eng",
"value" : "The following software releases have been updated to resolve this specific issue: 14.1X53-D46, 14.1X53-D130*, 14.2R4-S9, 14.2R6, 15.1F5, 15.1R3, 15.1X49-D40, 15.1X53-D47, 15.1X53-D65, 15.1X53-D233 16.1R1, and all subsequent releases.\n\n*Pending Publication\nThis issue is being tracked as PR 1149652 and is visible on the Customer Support website."
}
],
"source": {
"advisory": "JSA10803",
"defect": [
"source" : {
"advisory" : "JSA10803",
"defect" : [
"1149652"
],
"discovery": "INTERNAL"
"discovery" : "INTERNAL"
},
"work_around": [
"work_around" : [
{
"lang": "eng",
"value": "Use access lists or firewall filters to limit access to the router's CLI only from trusted hosts. Restrict access to the CLI to only highly trusted administrators."
"lang" : "eng",
"value" : "Use access lists or firewall filters to limit access to the router's CLI only from trusted hosts. Restrict access to the CLI to only highly trusted administrators."
}
]
}
}
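Review bot: The second (presumably new-side) copy of `description.value` replaces every `\n` with a space, so the per-release list of affected versions becomes one run-on sentence, while `solution` in the same record keeps its `\n` escapes. The same flattening appears in the CVE-2018-0003, CVE-2018-0024 and CVE-2018-0025 sections. If this normalisation is intended it should cover every free-text field; otherwise the line breaks should stay. Separately, the first `version_data` entry still ends `platform` with a stray `;` (`QFX5100;`). Entries such as `"version_value" : "14.2R4-S9, 14.2R6"` also put two fixed releases under a single `<` comparator, which automated version matching cannot evaluate reliably; one entry per bound would be safer for scanners.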


@ -1,182 +1,182 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2018-01-10T17:00:00.000Z",
"ID": "CVE-2018-0003",
"STATE": "PUBLIC",
"TITLE": "Junos OS: A crafted MPLS packet may lead to a kernel crash"
"CVE_data_meta" : {
"ASSIGNER" : "sirt@juniper.net",
"DATE_PUBLIC" : "2018-01-10T17:00:00.000Z",
"ID" : "CVE-2018-0003",
"STATE" : "PUBLIC",
"TITLE" : "Junos OS: A crafted MPLS packet may lead to a kernel crash"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Junos OS",
"version": {
"version_data": [
"product_name" : "Junos OS",
"version" : {
"version_data" : [
{
"affected": "<",
"version_name": "12.1X46",
"version_value": "12.1X46-D71"
"affected" : "<",
"version_name" : "12.1X46",
"version_value" : "12.1X46-D71"
},
{
"affected": "<",
"version_name": "12.3",
"version_value": "12.3R12-S7"
"affected" : "<",
"version_name" : "12.3",
"version_value" : "12.3R12-S7"
},
{
"affected": "<",
"version_name": "12.3X48",
"version_value": "12.3X48-D55"
"affected" : "<",
"version_name" : "12.3X48",
"version_value" : "12.3X48-D55"
},
{
"affected": "<",
"version_name": "14.1",
"version_value": "14.1R8-S5, 14.1R9"
"affected" : "<",
"version_name" : "14.1",
"version_value" : "14.1R8-S5, 14.1R9"
},
{
"affected": "<",
"version_name": "14.1X53",
"version_value": "14.1X53-D45, 14.1X53-D107"
"affected" : "<",
"version_name" : "14.1X53",
"version_value" : "14.1X53-D45, 14.1X53-D107"
},
{
"affected": "<",
"version_name": "14.2",
"version_value": "14.2R7-S7, 14.2R8"
"affected" : "<",
"version_name" : "14.2",
"version_value" : "14.2R7-S7, 14.2R8"
},
{
"affected": "<",
"version_name": "15.1",
"version_value": "15.1F5-S8, 15.1F6-S8, 15.1R5-S6, 15.1R6-S3, 15.1R7"
"affected" : "<",
"version_name" : "15.1",
"version_value" : "15.1F5-S8, 15.1F6-S8, 15.1R5-S6, 15.1R6-S3, 15.1R7"
},
{
"affected": "<",
"version_name": "15.1X49",
"version_value": "15.1X49-D100"
"affected" : "<",
"version_name" : "15.1X49",
"version_value" : "15.1X49-D100"
},
{
"affected": "<",
"version_name": "15.1X53",
"version_value": "15.1X53-D65, 15.1X53-D231"
"affected" : "<",
"version_name" : "15.1X53",
"version_value" : "15.1X53-D65, 15.1X53-D231"
},
{
"affected": "<",
"version_name": "16.1",
"version_value": "16.1R3-S6, 16.1R4-S6, 16.1R5"
"affected" : "<",
"version_name" : "16.1",
"version_value" : "16.1R3-S6, 16.1R4-S6, 16.1R5"
},
{
"affected": "<",
"version_name": "16.1X65",
"version_value": "16.1X65-D45"
"affected" : "<",
"version_name" : "16.1X65",
"version_value" : "16.1X65-D45"
},
{
"affected": "<",
"version_name": "16.2",
"version_value": "16.2R2-S1, 16.2R3"
"affected" : "<",
"version_name" : "16.2",
"version_value" : "16.2R2-S1, 16.2R3"
},
{
"affected": "<",
"version_name": "17.1",
"version_value": "17.1R2-S2, 17.1R3"
"affected" : "<",
"version_name" : "17.1",
"version_value" : "17.1R2-S2, 17.1R3"
},
{
"affected": "<",
"version_name": "17.2",
"version_value": "17.2R1-S3, 17.2R2"
"affected" : "<",
"version_name" : "17.2",
"version_value" : "17.2R1-S3, 17.2R2"
},
{
"affected": "<",
"version_name": "17.2X75",
"version_value": "17.2X75-D50"
"affected" : "<",
"version_name" : "17.2X75",
"version_value" : "17.2X75-D50"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
"vendor_name" : "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "A specially crafted MPLS packet received or processed by the system, on an interface configured with MPLS, will store information in the system memory. Subsequently, if this stored information is accessed, this may result in a kernel crash leading to a denial of service.\nAffected releases are Juniper Networks Junos OS:\n12.1X46 versions prior to 12.1X46-D71;\n12.3 versions prior to 12.3R12-S7;\n12.3X48 versions prior to 12.3X48-D55;\n14.1 versions prior to 14.1R8-S5, 14.1R9;\n14.1X53 versions prior to 14.1X53-D45, 14.1X53-D107;\n14.2 versions prior to 14.2R7-S7, 14.2R8;\n15.1 versions prior to 15.1F5-S8, 15.1F6-S8, 15.1R5-S6, 15.1R6-S3, 15.1R7;\n15.1X49 versions prior to 15.1X49-D100;\n15.1X53 versions prior to 15.1X53-D65, 15.1X53-D231;\n16.1 versions prior to 16.1R3-S6, 16.1R4-S6, 16.1R5;\n16.1X65 versions prior to 16.1X65-D45;\n16.2 versions prior to 16.2R2-S1, 16.2R3;\n17.1 versions prior to 17.1R2-S2, 17.1R3;\n17.2 versions prior to 17.2R1-S3, 17.2R2;\n17.2X75 versions prior to 17.2X75-D50.\nNo other Juniper Networks products or platforms are affected by this issue.\n"
"lang" : "eng",
"value" : "A specially crafted MPLS packet received or processed by the system, on an interface configured with MPLS, will store information in the system memory. Subsequently, if this stored information is accessed, this may result in a kernel crash leading to a denial of service. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D71; 12.3 versions prior to 12.3R12-S7; 12.3X48 versions prior to 12.3X48-D55; 14.1 versions prior to 14.1R8-S5, 14.1R9; 14.1X53 versions prior to 14.1X53-D45, 14.1X53-D107; 14.2 versions prior to 14.2R7-S7, 14.2R8; 15.1 versions prior to 15.1F5-S8, 15.1F6-S8, 15.1R5-S6, 15.1R6-S3, 15.1R7; 15.1X49 versions prior to 15.1X49-D100; 15.1X53 versions prior to 15.1X53-D65, 15.1X53-D231; 16.1 versions prior to 16.1R3-S6, 16.1R4-S6, 16.1R5; 16.1X65 versions prior to 16.1X65-D45; 16.2 versions prior to 16.2R2-S1, 16.2R3; 17.1 versions prior to 17.1R2-S2, 17.1R3; 17.2 versions prior to 17.2R1-S3, 17.2R2; 17.2X75 versions prior to 17.2X75-D50. No other Juniper Networks products or platforms are affected by this issue."
}
]
},
"exploit": [
"exploit" : [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
"lang" : "eng",
"value" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "ADJACENT_NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 6.5,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Denial of Service"
"lang" : "eng",
"value" : "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "https://kb.juniper.net/JSA10831",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10831"
"name" : "https://kb.juniper.net/JSA10831",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/JSA10831"
},
{
"name": "1040179",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040179"
"name" : "1040179",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040179"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 12.1X46-D71, 12.3R12-S7, 12.3X48-D55, 14.1R8-S5, 14.1R9, 14.1X53-D45, 14.1X53-D107, 14.2R7-S7, 14.2R8, 15.1F5-S8, 15.1F6-S8, 15.1R5-S6, 15.1R6-S3, 15.1R7, 15.1X49-D100, 15.1X53-D65, 15.1X53-D231, 16.1R3-S6, 16.1R4-S6, 16.1R5, 16.1R3-S6, 16.1R4-S6, 16.1R5, 16.1X65-D45, 16.2R2-S1, 16.2R3, 17.1R2-S2, 17.1R3, 17.2R1-S3, 17.2R2, 17.2X75-D50, 17.3R1, and all subsequent releases.\n"
"lang" : "eng",
"value" : "The following software releases have been updated to resolve this specific issue: 12.1X46-D71, 12.3R12-S7, 12.3X48-D55, 14.1R8-S5, 14.1R9, 14.1X53-D45, 14.1X53-D107, 14.2R7-S7, 14.2R8, 15.1F5-S8, 15.1F6-S8, 15.1R5-S6, 15.1R6-S3, 15.1R7, 15.1X49-D100, 15.1X53-D65, 15.1X53-D231, 16.1R3-S6, 16.1R4-S6, 16.1R5, 16.1R3-S6, 16.1R4-S6, 16.1R5, 16.1X65-D45, 16.2R2-S1, 16.2R3, 17.1R2-S2, 17.1R3, 17.2R1-S3, 17.2R2, 17.2X75-D50, 17.3R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA10831",
"defect": [
"source" : {
"advisory" : "JSA10831",
"defect" : [
"1276786"
],
"discovery": "USER"
"discovery" : "USER"
},
"work_around": [
"work_around" : [
{
"lang": "eng",
"value": "Disallow MPLS packets from reaching the device.\nRemove MPLS configuration stanzas from interface configurations that are at risk.\nNo other viable workarounds exist for this issue."
"lang" : "eng",
"value" : "Disallow MPLS packets from reaching the device.\nRemove MPLS configuration stanzas from interface configurations that are at risk.\nNo other viable workarounds exist for this issue."
}
]
}
}
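Review bot: The `solution` text repeats `16.1R3-S6, 16.1R4-S6, 16.1R5` twice in a row and still ends in a trailing `\n`, although the trailing newline was dropped from `description` in this same record. Both survive the sync unchanged. I would drop the repeated triple and the trailing `\n` so that the fixed-release list reads `… 15.1X53-D231, 16.1R3-S6, 16.1R4-S6, 16.1R5, 16.1X65-D45, …` and matches the fifteen `version_data` entries one for one.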


@ -1,140 +1,140 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2018-07-11T16:00:00.000Z",
"ID": "CVE-2018-0024",
"STATE": "PUBLIC",
"TITLE": "Junos OS: A privilege escalation vulnerability exists where authenticated users with shell access can become root"
"CVE_data_meta" : {
"ASSIGNER" : "sirt@juniper.net",
"DATE_PUBLIC" : "2018-07-11T16:00:00.000Z",
"ID" : "CVE-2018-0024",
"STATE" : "PUBLIC",
"TITLE" : "Junos OS: A privilege escalation vulnerability exists where authenticated users with shell access can become root"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Junos OS",
"version": {
"version_data": [
"product_name" : "Junos OS",
"version" : {
"version_data" : [
{
"affected": "<",
"platform": "SRX Series",
"version_name": "12.1X46",
"version_value": "12.1X46-D45"
"affected" : "<",
"platform" : "SRX Series",
"version_name" : "12.1X46",
"version_value" : "12.1X46-D45"
},
{
"affected": "<",
"platform": "SRX Series",
"version_name": "12.3X48",
"version_value": "12.3X48-D20"
"affected" : "<",
"platform" : "SRX Series",
"version_name" : "12.3X48",
"version_value" : "12.3X48-D20"
},
{
"affected": "<",
"platform": "EX Series",
"version_name": "12.3",
"version_value": "12.3R11"
"affected" : "<",
"platform" : "EX Series",
"version_name" : "12.3",
"version_value" : "12.3R11"
},
{
"affected": "<",
"platform": "EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100",
"version_name": "14.1X53",
"version_value": "14.1X53-D30"
"affected" : "<",
"platform" : "EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100",
"version_name" : "14.1X53",
"version_value" : "14.1X53-D30"
},
{
"affected": "<",
"platform": "SRX Series",
"version_name": "15.1X49",
"version_value": "15.1X49-D20"
"affected" : "<",
"platform" : "SRX Series",
"version_name" : "15.1X49",
"version_value" : "15.1X49-D20"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
"vendor_name" : "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "An Improper Privilege Management vulnerability in a shell session of Juniper Networks Junos OS allows an authenticated unprivileged attacker to gain full control of the system.\nAffected releases are Juniper Networks Junos OS:\n12.1X46 versions prior to 12.1X46-D45 on SRX Series;\n12.3X48 versions prior to 12.3X48-D20 on SRX Series;\n12.3 versions prior to 12.3R11 on EX Series;\n14.1X53 versions prior to 14.1X53-D30 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100;;\n15.1X49 versions prior to 15.1X49-D20 on SRX Series."
"lang" : "eng",
"value" : "An Improper Privilege Management vulnerability in a shell session of Juniper Networks Junos OS allows an authenticated unprivileged attacker to gain full control of the system. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D45 on SRX Series; 12.3X48 versions prior to 12.3X48-D20 on SRX Series; 12.3 versions prior to 12.3R11 on EX Series; 14.1X53 versions prior to 14.1X53-D30 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100;; 15.1X49 versions prior to 15.1X49-D20 on SRX Series."
}
]
},
"exploit": [
"exploit" : [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
"lang" : "eng",
"value" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "LOCAL",
"availabilityImpact" : "HIGH",
"baseScore" : 7.8,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "HIGH",
"privilegesRequired" : "LOW",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Improper Privilege Management."
"lang" : "eng",
"value" : "Improper Privilege Management."
}
]
},
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Privilege Escalation."
"lang" : "eng",
"value" : "Privilege Escalation."
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "https://kb.juniper.net/JSA10857",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10857"
"name" : "https://kb.juniper.net/JSA10857",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/JSA10857"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 12.1X46-D45, 12.3X48-D20, 12.3R11, 14.1X53-D30, 15.1X49-D20 and all subsequent releases."
"lang" : "eng",
"value" : "The following software releases have been updated to resolve this specific issue: Junos OS 12.1X46-D45, 12.3X48-D20, 12.3R11, 14.1X53-D30, 15.1X49-D20 and all subsequent releases."
}
],
"source": {
"advisory": "JSA10857",
"defect": [
"source" : {
"advisory" : "JSA10857",
"defect" : [
"1004217"
],
"discovery": "INTERNAL"
"discovery" : "INTERNAL"
},
"work_around": [
"work_around" : [
{
"lang": "eng",
"value": "Disallow unprivileged authenticated users access to Junos shell.\nLimit shell access to only trusted administrators."
"lang" : "eng",
"value" : "Disallow unprivileged authenticated users access to Junos shell.\nLimit shell access to only trusted administrators."
}
]
}
}
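Review bot: The two `problemtype` entries are free text (`"Improper Privilege Management."`, `"Privilege Escalation."`) with no CWE identifier, unlike the CVE-2018-0025 record on this page, which uses the `CWE-NNN: name` form. Tooling that groups records by CWE will leave this one unclassified. The first entry matches the CWE-269 name, so `"value" : "CWE-269: Improper Privilege Management"` would be the consistent form. The description also keeps a doubled separator, `QFX5100;;`, which should be a single `;`.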


@ -1,143 +1,143 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2018-07-11T16:00:00.000Z",
"ID": "CVE-2018-0025",
"STATE": "PUBLIC",
"TITLE": "Junos OS: SRX Series: Credentials exposed when using HTTP and HTTPS Firewall Pass-through User Authentication"
"CVE_data_meta" : {
"ASSIGNER" : "sirt@juniper.net",
"DATE_PUBLIC" : "2018-07-11T16:00:00.000Z",
"ID" : "CVE-2018-0025",
"STATE" : "PUBLIC",
"TITLE" : "Junos OS: SRX Series: Credentials exposed when using HTTP and HTTPS Firewall Pass-through User Authentication"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Junos OS",
"version": {
"version_data": [
"product_name" : "Junos OS",
"version" : {
"version_data" : [
{
"affected": "<",
"platform": "SRX Series",
"version_name": "12.1X46",
"version_value": "12.1X46-D67"
"affected" : "<",
"platform" : "SRX Series",
"version_name" : "12.1X46",
"version_value" : "12.1X46-D67"
},
{
"affected": "<",
"platform": "SRX Series",
"version_name": "12.3X48",
"version_value": "12.3X48-D25"
"affected" : "<",
"platform" : "SRX Series",
"version_name" : "12.3X48",
"version_value" : "12.3X48-D25"
},
{
"affected": "<",
"platform": "SRX Series",
"version_name": "15.1X49",
"version_value": "15.1X49-D35"
"affected" : "<",
"platform" : "SRX Series",
"version_name" : "15.1X49",
"version_value" : "15.1X49-D35"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
"vendor_name" : "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "When an SRX Series device is configured to use HTTP/HTTPS pass-through authentication services, a client sending authentication credentials in the initial HTTP/HTTPS session is at risk that these credentials may be captured during follow-on HTTP/HTTPS requests by a malicious actor through a man-in-the-middle attack or by authentic servers subverted by malicious actors.\nFTP, and Telnet pass-through authentication services are not affected.\nAffected releases are Juniper Networks SRX Series:\n12.1X46 versions prior to 12.1X46-D67 on SRX Series;\n12.3X48 versions prior to 12.3X48-D25 on SRX Series;\n15.1X49 versions prior to 15.1X49-D35 on SRX Series."
"lang" : "eng",
"value" : "When an SRX Series device is configured to use HTTP/HTTPS pass-through authentication services, a client sending authentication credentials in the initial HTTP/HTTPS session is at risk that these credentials may be captured during follow-on HTTP/HTTPS requests by a malicious actor through a man-in-the-middle attack or by authentic servers subverted by malicious actors. FTP, and Telnet pass-through authentication services are not affected. Affected releases are Juniper Networks SRX Series: 12.1X46 versions prior to 12.1X46-D67 on SRX Series; 12.3X48 versions prior to 12.3X48-D25 on SRX Series; 15.1X49 versions prior to 15.1X49-D35 on SRX Series."
}
]
},
"exploit": [
"exploit" : [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
"lang" : "eng",
"value" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "HIGH",
"attackVector" : "NETWORK",
"availabilityImpact" : "NONE",
"baseScore" : 6.1,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "NONE",
"privilegesRequired" : "NONE",
"scope" : "CHANGED",
"userInteraction" : "REQUIRED",
"vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "CWE-319: Cleartext Transmission of Sensitive Information."
"lang" : "eng",
"value" : "CWE-319: Cleartext Transmission of Sensitive Information."
}
]
},
{
"description": [
"description" : [
{
"lang": "eng",
"value": "CWE-300: Channel Accessible by Non-Endpoint ('Man-in-the-Middle')"
"lang" : "eng",
"value" : "CWE-300: Channel Accessible by Non-Endpoint ('Man-in-the-Middle')"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "https://kb.juniper.net/JSA10858",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10858"
"name" : "https://www.juniper.net/documentation/en_US/junos/topics/concept/firewall-user-authentication-pass-through-understanding.html",
"refsource" : "MISC",
"url" : "https://www.juniper.net/documentation/en_US/junos/topics/concept/firewall-user-authentication-pass-through-understanding.html"
},
{
"name": "https://www.juniper.net/documentation/en_US/junos/topics/concept/firewall-user-authentication-pass-through-understanding.html",
"refsource": "MISC",
"url": "https://www.juniper.net/documentation/en_US/junos/topics/concept/firewall-user-authentication-pass-through-understanding.html"
"name" : "https://www.juniper.net/documentation/en_US/junos/topics/example/firewall-user-authentication-pass-through-configuring-cli.html",
"refsource" : "MISC",
"url" : "https://www.juniper.net/documentation/en_US/junos/topics/example/firewall-user-authentication-pass-through-configuring-cli.html"
},
{
"name": "https://www.juniper.net/documentation/en_US/junos/topics/example/firewall-user-authentication-pass-through-configuring-cli.html",
"refsource": "MISC",
"url": "https://www.juniper.net/documentation/en_US/junos/topics/example/firewall-user-authentication-pass-through-configuring-cli.html"
"name" : "https://www.juniper.net/documentation/en_US/junos/topics/example/security-https-traffic-to-trigger-pass-through-authentication-configuring.html",
"refsource" : "MISC",
"url" : "https://www.juniper.net/documentation/en_US/junos/topics/example/security-https-traffic-to-trigger-pass-through-authentication-configuring.html"
},
{
"name": "https://www.juniper.net/documentation/en_US/junos/topics/example/security-https-traffic-to-trigger-pass-through-authentication-configuring.html",
"refsource": "MISC",
"url": "https://www.juniper.net/documentation/en_US/junos/topics/example/security-https-traffic-to-trigger-pass-through-authentication-configuring.html"
"name" : "https://kb.juniper.net/JSA10858",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/JSA10858"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS:12.1X46-D67, 12.3X48-D25, 15.1X49-D35, 17.3R1 all subsequent releases."
"lang" : "eng",
"value" : "The following software releases have been updated to resolve this specific issue: Junos OS:12.1X46-D67, 12.3X48-D25, 15.1X49-D35, 17.3R1 all subsequent releases."
}
],
"source": {
"advisory": "JSA10858",
"defect": [
"source" : {
"advisory" : "JSA10858",
"defect" : [
"1122278"
],
"discovery": "USER"
"discovery" : "USER"
},
"work_around": [
"work_around" : [
{
"lang": "eng",
"value": "1. Discontinue use of HTTP/HTTPS Pass-through Firewall User Authentication\n \n2. Use web-redirect when using Pass-through Firewall User Authentication\n\nExample: \nset security policies from-zone * to-zone * policy * then permit firewall-authentication pass-through web-redirect\n\nFor additional configuration guidance, customers should contact JTAC Support."
"lang" : "eng",
"value" : "1. Discontinue use of HTTP/HTTPS Pass-through Firewall User Authentication\n \n2. Use web-redirect when using Pass-through Firewall User Authentication\n\nExample: \nset security policies from-zone * to-zone * policy * then permit firewall-authentication pass-through web-redirect\n\nFor additional configuration guidance, customers should contact JTAC Support."
}
]
}
}
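Review bot: In the second (presumably new-side) ordering of `reference_data`, the vendor advisory `https://kb.juniper.net/JSA10858` (`refsource` `CONFIRM`) comes last, after three `MISC` documentation links. Array order carries no meaning in the schema, but a consumer that shows the first reference as the primary link would now point at a generic configuration guide instead of the advisory; keeping the `CONFIRM` entry first would avoid that. The `solution` string is also missing separators: `Junos OS:12.1X46-D67, … 17.3R1 all subsequent releases` should read `Junos OS: 12.1X46-D67, … 17.3R1, and all subsequent releases`.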


@ -1,120 +1,120 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2018-07-11T16:00:00.000Z",
"ID": "CVE-2018-0026",
"STATE": "PUBLIC",
"TITLE": " Junos OS: Stateless IP firewall filter rules stop working as expected after reboot or upgrade"
"CVE_data_meta" : {
"ASSIGNER" : "sirt@juniper.net",
"DATE_PUBLIC" : "2018-07-11T16:00:00.000Z",
"ID" : "CVE-2018-0026",
"STATE" : "PUBLIC",
"TITLE" : " Junos OS: Stateless IP firewall filter rules stop working as expected after reboot or upgrade"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Junos OS",
"version": {
"version_data": [
"product_name" : "Junos OS",
"version" : {
"version_data" : [
{
"affected": "=",
"version_name": "15.1",
"version_value": "15.1R4, 15.1R5, 15.1R6"
"affected" : "=",
"version_name" : "15.1",
"version_value" : "15.1R4, 15.1R5, 15.1R6"
},
{
"affected": "<",
"version_name": "15.1X8",
"version_value": "15.1X8.3"
"affected" : "<",
"version_name" : "15.1X8",
"version_value" : "15.1X8.3"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
"vendor_name" : "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "After Junos OS device reboot or upgrade, the stateless firewall filter configuration may not take effect.\nThis issue can be verified by running the command:\n user@re0> show interfaces <interface_name> extensive | match filters\"\n CAM destination filters: 0, CAM source filters: 0\nNote: when the issue occurs, it does not show the applied firewall filter.\nThe correct output should show the applied firewall filter, for example:\n user@re0> show interfaces <interface_name> extensive | match filters\"\n CAM destination filters: 0, CAM source filters: 0\n Input Filters: FIREWAL_FILTER_NAME-<interface_name>\n\nThis issue affects firewall filters for every address family.\n\nAffected releases are Juniper Networks Junos OS:\n15.1R4, 15.1R5, 15.1R6 and SRs based on these MRs.\n15.1X8 versions prior to 15.1X8.3."
"lang" : "eng",
"value" : "After Junos OS device reboot or upgrade, the stateless firewall filter configuration may not take effect. This issue can be verified by running the command: user@re0> show interfaces <interface_name> extensive | match filters\" CAM destination filters: 0, CAM source filters: 0 Note: when the issue occurs, it does not show the applied firewall filter. The correct output should show the applied firewall filter, for example: user@re0> show interfaces <interface_name> extensive | match filters\" CAM destination filters: 0, CAM source filters: 0 Input Filters: FIREWAL_FILTER_NAME-<interface_name> This issue affects firewall filters for every address family. Affected releases are Juniper Networks Junos OS: 15.1R4, 15.1R5, 15.1R6 and SRs based on these MRs. 15.1X8 versions prior to 15.1X8.3."
}
]
},
"exploit": [
"exploit" : [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
"lang" : "eng",
"value" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "NONE",
"baseScore" : 4.7,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "NONE",
"integrityImpact" : "LOW",
"privilegesRequired" : "NONE",
"scope" : "CHANGED",
"userInteraction" : "REQUIRED",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Firewall Bypass"
"lang" : "eng",
"value" : "Firewall Bypass"
}
]
},
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Denial of Service"
"lang" : "eng",
"value" : "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "https://kb.juniper.net/JSA10859",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10859"
"name" : "https://kb.juniper.net/JSA10859",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/JSA10859"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 15.1R7, 15.1X8.3 and all subsequent releases.\n"
"lang" : "eng",
"value" : "The following software releases have been updated to resolve this specific issue: 15.1R7, 15.1X8.3 and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA10859",
"defect": [
"source" : {
"advisory" : "JSA10859",
"defect" : [
"1161832"
],
"discovery": "USER"
"discovery" : "USER"
},
"work_around": [
"work_around" : [
{
"lang": "eng",
"value": "There are no known workarounds for this issue.\nHowever, once the issue has occurred, it can be restored by performing \"commit full\" (note: \"commit full\" is a potentially disruptive command)."
"lang" : "eng",
"value" : "There are no known workarounds for this issue.\nHowever, once the issue has occurred, it can be restored by performing \"commit full\" (note: \"commit full\" is a potentially disruptive command)."
}
]
}
}
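Review bot: The verification command and its sample output in the CVE-2018-0026 `description` now run together on one line, because the new value replaces every `\n` with a space; an operator can no longer tell what to type from what to expect after `show interfaces <interface_name> extensive | match filters`. The `solution` and `work_around` values in the same record still carry `\n`, so I would keep the line breaks in the description too, or at least around the two CLI examples. The same flattening appears in the description values of the CVE-2018-0027, CVE-2018-0029 and CVE-2018-0030 sections below, where it merges the per-release affected-version list into one sentence. Separately, `problemtype` lists `Denial of Service` while `availabilityImpact` is `NONE` (`A:N` in the vector); one of the two should be corrected against advisory JSA10859.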


@ -1,112 +1,112 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2018-07-11T16:00:00.000Z",
"ID": "CVE-2018-0027",
"STATE": "PUBLIC",
"TITLE": "Junos OS: Receipt of malformed RSVP packet may lead to RPD denial of service"
"CVE_data_meta" : {
"ASSIGNER" : "sirt@juniper.net",
"DATE_PUBLIC" : "2018-07-11T16:00:00.000Z",
"ID" : "CVE-2018-0027",
"STATE" : "PUBLIC",
"TITLE" : "Junos OS: Receipt of malformed RSVP packet may lead to RPD denial of service"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Junos OS",
"version": {
"version_data": [
"product_name" : "Junos OS",
"version" : {
"version_data" : [
{
"affected": "<",
"version_name": "16.1",
"version_value": "16.1R3"
"affected" : "<",
"version_name" : "16.1",
"version_value" : "16.1R3"
},
{
"affected": "!<",
"version_name": "all",
"version_value": "16.1R1"
"affected" : "!<",
"version_name" : "all",
"version_value" : "16.1R1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
"vendor_name" : "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "Receipt of a crafted or malformed RSVP PATH message may cause the routing protocol daemon (RPD) to hang or crash. When RPD is unavailable, routing updates cannot be processed which can lead to an extended network outage.\n\nIf RSVP is not enabled on an interface, then the issue cannot be triggered via that interface.\n\n\nThis issue only affects Juniper Networks Junos OS 16.1 versions prior to 16.1R3.\n\nThis issue does not affect Junos releases prior to 16.1R1."
"lang" : "eng",
"value" : "Receipt of a crafted or malformed RSVP PATH message may cause the routing protocol daemon (RPD) to hang or crash. When RPD is unavailable, routing updates cannot be processed which can lead to an extended network outage. If RSVP is not enabled on an interface, then the issue cannot be triggered via that interface. This issue only affects Juniper Networks Junos OS 16.1 versions prior to 16.1R3. This issue does not affect Junos releases prior to 16.1R1."
}
]
},
"exploit": [
"exploit" : [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
"lang" : "eng",
"value" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 7.5,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "denial of service"
"lang" : "eng",
"value" : "denial of service"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "https://kb.juniper.net/JSA10861",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10861"
"name" : "https://kb.juniper.net/JSA10861",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/JSA10861"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 16.1R3, 16.2R1, and all subsequent releases."
"lang" : "eng",
"value" : "The following software releases have been updated to resolve this specific issue: 16.1R3, 16.2R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA10861",
"defect": [
"source" : {
"advisory" : "JSA10861",
"defect" : [
"1214350"
],
"discovery": "INTERNAL"
"discovery" : "INTERNAL"
},
"work_around": [
"work_around" : [
{
"lang": "eng",
"value": "Only enable RSVP on specific trusted interfaces as required for MPLS."
"lang" : "eng",
"value" : "Only enable RSVP on specific trusted interfaces as required for MPLS."
}
]
}
}


@ -1,172 +1,172 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2018-07-11T16:00:00.000Z",
"ID": "CVE-2018-0029",
"STATE": "PUBLIC",
"TITLE": "Junos OS: Kernel crash (vmcore) during broadcast storm after enabling 'monitor traffic interface fxp0'"
"CVE_data_meta" : {
"ASSIGNER" : "sirt@juniper.net",
"DATE_PUBLIC" : "2018-07-11T16:00:00.000Z",
"ID" : "CVE-2018-0029",
"STATE" : "PUBLIC",
"TITLE" : "Junos OS: Kernel crash (vmcore) during broadcast storm after enabling 'monitor traffic interface fxp0'"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Junos OS",
"version": {
"version_data": [
"product_name" : "Junos OS",
"version" : {
"version_data" : [
{
"affected": "<",
"version_name": "15.1",
"version_value": "15.1F6-S11, 15.1R4-S9, 15.1R6-S6, 15.1R7"
"affected" : "<",
"version_name" : "15.1",
"version_value" : "15.1F6-S11, 15.1R4-S9, 15.1R6-S6, 15.1R7"
},
{
"affected": "<",
"platform": "SRX Series",
"version_name": "15.1X49",
"version_value": "15.1X49-D140"
"affected" : "<",
"platform" : "SRX Series",
"version_name" : "15.1X49",
"version_value" : "15.1X49-D140"
},
{
"affected": "<",
"platform": "EX2300, EX3400",
"version_name": "15.1X53",
"version_value": "15.1X53-D59"
"affected" : "<",
"platform" : "EX2300, EX3400",
"version_name" : "15.1X53",
"version_value" : "15.1X53-D59"
},
{
"affected": "<",
"platform": "QFX10000 Series",
"version_name": "15.1X53",
"version_value": "15.1X53-D67"
"affected" : "<",
"platform" : "QFX10000 Series",
"version_name" : "15.1X53",
"version_value" : "15.1X53-D67"
},
{
"affected": "<",
"platform": "QFX5110, QFX5200",
"version_name": "15.1X53",
"version_value": "15.1X53-D233"
"affected" : "<",
"platform" : "QFX5110, QFX5200",
"version_name" : "15.1X53",
"version_value" : "15.1X53-D233"
},
{
"affected": "<",
"platform": "NFX150, NFX250",
"version_name": "15.1X53",
"version_value": "15.1X53-D471, 15.1X53-D490"
"affected" : "<",
"platform" : "NFX150, NFX250",
"version_name" : "15.1X53",
"version_value" : "15.1X53-D471, 15.1X53-D490"
},
{
"affected": "<",
"version_name": "16.1",
"version_value": "16.1R3-S8, 16.1R5-S4, 16.1R6-S1, 16.1R7"
"affected" : "<",
"version_name" : "16.1",
"version_value" : "16.1R3-S8, 16.1R5-S4, 16.1R6-S1, 16.1R7"
},
{
"affected": "<",
"version_name": "16.2",
"version_value": "16.2R1-S6, 16.2R2-S5, 16.2R3"
"affected" : "<",
"version_name" : "16.2",
"version_value" : "16.2R1-S6, 16.2R2-S5, 16.2R3"
},
{
"affected": "<",
"version_name": "17.1",
"version_value": "17.1R1-S7, 17.1R2-S7, 17.1R3"
"affected" : "<",
"version_name" : "17.1",
"version_value" : "17.1R1-S7, 17.1R2-S7, 17.1R3"
},
{
"affected": "<",
"version_name": "17.2",
"version_value": "17.2R1-S6, 17.2R2-S4, 17.2R3"
"affected" : "<",
"version_name" : "17.2",
"version_value" : "17.2R1-S6, 17.2R2-S4, 17.2R3"
},
{
"affected": "<",
"version_name": "17.2X75",
"version_value": "17.2X75-D90, 17.2X75-D110"
"affected" : "<",
"version_name" : "17.2X75",
"version_value" : "17.2X75-D90, 17.2X75-D110"
},
{
"affected": "<",
"version_name": "17.3",
"version_value": "17.3R1-S4, 17.3R2"
"affected" : "<",
"version_name" : "17.3",
"version_value" : "17.3R1-S4, 17.3R2"
},
{
"affected": "<",
"version_name": "17.4",
"version_value": "17.4R1-S3, 17.4R2"
"affected" : "<",
"version_name" : "17.4",
"version_value" : "17.4R1-S3, 17.4R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
"vendor_name" : "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "While experiencing a broadcast storm, placing the fxp0 interface into promiscuous mode via the 'monitor traffic interface fxp0' can cause the system to crash and restart (vmcore).\n\nThis issue only affects Junos OS 15.1 and later releases, and affects both single core and multi-core REs. Releases prior to Junos OS 15.1 are unaffected by this vulnerability.\n\nAffected releases are Juniper Networks Junos OS:\n15.1 versions prior to 15.1F6-S11, 15.1R4-S9, 15.1R6-S6, 15.1R7;\n15.1X49 versions prior to 15.1X49-D140;\n15.1X53 versions prior to 15.1X53-D59 on EX2300/EX3400;\n15.1X53 versions prior to 15.1X53-D67 on QFX10K;\n15.1X53 versions prior to 15.1X53-D233 on QFX5200/QFX5110;\n15.1X53 versions prior to 15.1X53-D471, 15.1X53-D490 on NFX;\n16.1 versions prior to 16.1R3-S8, 16.1R5-S4, 16.1R6-S1, 16.1R7;\n16.2 versions prior to 16.2R1-S6, 16.2R2-S5, 16.2R3;\n17.1 versions prior to 17.1R1-S7, 17.1R2-S7, 17.1R3;\n17.2 versions prior to 17.2R1-S6, 17.2R2-S4, 17.2R3;\n17.2X75 versions prior to 17.2X75-D90, 17.2X75-D110;\n17.3 versions prior to 17.3R1-S4, 17.3R2;\n17.4 versions prior to 17.4R1-S3, 17.4R2."
"lang" : "eng",
"value" : "While experiencing a broadcast storm, placing the fxp0 interface into promiscuous mode via the 'monitor traffic interface fxp0' can cause the system to crash and restart (vmcore). This issue only affects Junos OS 15.1 and later releases, and affects both single core and multi-core REs. Releases prior to Junos OS 15.1 are unaffected by this vulnerability. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1F6-S11, 15.1R4-S9, 15.1R6-S6, 15.1R7; 15.1X49 versions prior to 15.1X49-D140; 15.1X53 versions prior to 15.1X53-D59 on EX2300/EX3400; 15.1X53 versions prior to 15.1X53-D67 on QFX10K; 15.1X53 versions prior to 15.1X53-D233 on QFX5200/QFX5110; 15.1X53 versions prior to 15.1X53-D471, 15.1X53-D490 on NFX; 16.1 versions prior to 16.1R3-S8, 16.1R5-S4, 16.1R6-S1, 16.1R7; 16.2 versions prior to 16.2R1-S6, 16.2R2-S5, 16.2R3; 17.1 versions prior to 17.1R1-S7, 17.1R2-S7, 17.1R3; 17.2 versions prior to 17.2R1-S6, 17.2R2-S4, 17.2R3; 17.2X75 versions prior to 17.2X75-D90, 17.2X75-D110; 17.3 versions prior to 17.3R1-S4, 17.3R2; 17.4 versions prior to 17.4R1-S3, 17.4R2."
}
]
},
"exploit": [
"exploit" : [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
"lang" : "eng",
"value" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "ADJACENT_NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 5.7,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "REQUIRED",
"vectorString" : "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Denial of Service"
"lang" : "eng",
"value" : "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "https://kb.juniper.net/JSA10863",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10863"
"name" : "https://kb.juniper.net/JSA10863",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/JSA10863"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 15.1F6-S11*, 15.1R4-S9, 15.1R6-S6, 15.1R7, 15.1X49-D140, 15.1X53-D233, 15.1X53-D471, 15.1X53-D490, 15.1X53-D59, 15.1X53-D67, 16.1R3-S8, 16.1R5-S4, 16.1R6-S1, 16.1R7, 16.2R1-S6, 16.2R2-S5, 16.2R3, 17.1R1-S7, 17.1R2-S7, 17.1R3, 17.2R1-S6, 17.2R2-S4, 17.2R3, 17.2X75-D110, 17.2X75-D90, 17.3R1-S4, 17.3R2, 17.4R1-S3, 17.4R2, 18.1R1, 18.1X75-D10, and all subsequent releases.\n\n*Future availability"
"lang" : "eng",
"value" : "The following software releases have been updated to resolve this specific issue: 15.1F6-S11*, 15.1R4-S9, 15.1R6-S6, 15.1R7, 15.1X49-D140, 15.1X53-D233, 15.1X53-D471, 15.1X53-D490, 15.1X53-D59, 15.1X53-D67, 16.1R3-S8, 16.1R5-S4, 16.1R6-S1, 16.1R7, 16.2R1-S6, 16.2R2-S5, 16.2R3, 17.1R1-S7, 17.1R2-S7, 17.1R3, 17.2R1-S6, 17.2R2-S4, 17.2R3, 17.2X75-D110, 17.2X75-D90, 17.3R1-S4, 17.3R2, 17.4R1-S3, 17.4R2, 18.1R1, 18.1X75-D10, and all subsequent releases.\n\n*Future availability"
}
],
"source": {
"advisory": "JSA10863",
"defect": [
"source" : {
"advisory" : "JSA10863",
"defect" : [
"1322294"
],
"discovery": "USER"
"discovery" : "USER"
},
"work_around": [
"work_around" : [
{
"lang": "eng",
"value": "Avoid executing the 'monitor traffic interface fxp0' command while attempting to troubleshoot broadcast storms."
"lang" : "eng",
"value" : "Avoid executing the 'monitor traffic interface fxp0' command while attempting to troubleshoot broadcast storms."
}
]
}
}


@ -1,171 +1,171 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2018-07-11T16:00:00.000Z",
"ID": "CVE-2018-0030",
"STATE": "PUBLIC",
"TITLE": "Junos OS: MPC7/8/9, PTX-FPC3 (FPC-P1, FPC-P2) and PTX1K: Line card may crash upon receipt of specific MPLS packet."
"CVE_data_meta" : {
"ASSIGNER" : "sirt@juniper.net",
"DATE_PUBLIC" : "2018-07-11T16:00:00.000Z",
"ID" : "CVE-2018-0030",
"STATE" : "PUBLIC",
"TITLE" : "Junos OS: MPC7/8/9, PTX-FPC3 (FPC-P1, FPC-P2) and PTX1K: Line card may crash upon receipt of specific MPLS packet."
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Junos OS",
"version": {
"version_data": [
"product_name" : "Junos OS",
"version" : {
"version_data" : [
{
"affected": "<",
"version_name": "15.1F",
"version_value": "15.1F6-S10"
"affected" : "<",
"version_name" : "15.1F",
"version_value" : "15.1F6-S10"
},
{
"affected": "<",
"version_name": "15.1",
"version_value": "15.1R4-S9, 15.1R6-S6, 15.1R7"
"affected" : "<",
"version_name" : "15.1",
"version_value" : "15.1R4-S9, 15.1R6-S6, 15.1R7"
},
{
"affected": "<",
"version_name": "16.1",
"version_value": "16.1R3-S8, 16.1R4-S9, 16.1R5-S4, 16.1R6-S3, 16.1R7"
"affected" : "<",
"version_name" : "16.1",
"version_value" : "16.1R3-S8, 16.1R4-S9, 16.1R5-S4, 16.1R6-S3, 16.1R7"
},
{
"affected": "<",
"version_name": "16.1X65",
"version_value": "16.1X65-D46"
"affected" : "<",
"version_name" : "16.1X65",
"version_value" : "16.1X65-D46"
},
{
"affected": "<",
"version_name": "16.2",
"version_value": "16.2R1-S6, 16.2R2-S5, 16.2R3"
"affected" : "<",
"version_name" : "16.2",
"version_value" : "16.2R1-S6, 16.2R2-S5, 16.2R3"
},
{
"affected": "<",
"version_name": "17.1",
"version_value": "17.1R1-S7, 17.1R2-S7, 17.1R3"
"affected" : "<",
"version_name" : "17.1",
"version_value" : "17.1R1-S7, 17.1R2-S7, 17.1R3"
},
{
"affected": "<",
"version_name": "17.2",
"version_value": "17.2R1-S4, 17.2R2-S4, 17.2R3"
"affected" : "<",
"version_name" : "17.2",
"version_value" : "17.2R1-S4, 17.2R2-S4, 17.2R3"
},
{
"affected": "<",
"version_name": "17.2X75",
"version_value": "17.2X75-D70"
"affected" : "<",
"version_name" : "17.2X75",
"version_value" : "17.2X75-D70"
},
{
"affected": "<",
"version_name": "17.3",
"version_value": "17.3R1-S4, 17.3R2"
"affected" : "<",
"version_name" : "17.3",
"version_value" : "17.3R1-S4, 17.3R2"
},
{
"affected": "<",
"version_name": "17.4",
"version_value": "17.4R1-S2, 17.4R2"
"affected" : "<",
"version_name" : "17.4",
"version_value" : "17.4R1-S2, 17.4R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
"vendor_name" : "Juniper Networks"
}
]
}
},
"configuration": [
"configuration" : [
{
"lang": "eng",
"value": "This issue only affects device with MPLS configured.\n\nThis issue only affects Junos OS platforms with MPC7/8/9 or PTX-FPC3 (FPC-P1, FPC-P2) installed and PTX1K"
"lang" : "eng",
"value" : "This issue only affects device with MPLS configured.\n\nThis issue only affects Junos OS platforms with MPC7/8/9 or PTX-FPC3 (FPC-P1, FPC-P2) installed and PTX1K"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "Receipt of a specific MPLS packet may cause MPC7/8/9, PTX-FPC3 (FPC-P1, FPC-P2) line cards or PTX1K to crash and restart.\nBy continuously sending specific MPLS packets, an attacker can repeatedly crash the line cards or PTX1K causing a sustained Denial of Service.\nAffected releases are Juniper Networks Junos OS with MPC7/8/9 or PTX-FPC3 (FPC-P1, FPC-P2) installed and PTX1K:\n15.1F versions prior to 15.1F6-S10;\n15.1 versions prior to 15.1R4-S9, 15.1R6-S6, 15.1R7;\n16.1 versions prior to 16.1R3-S8, 16.1R4-S9, 16.1R5-S4, 16.1R6-S3, 16.1R7;\n16.1X65 versions prior to 16.1X65-D46;\n16.2 versions prior to 16.2R1-S6, 16.2R2-S5, 16.2R3;\n17.1 versions prior to 17.1R1-S7, 17.1R2-S7, 17.1R3;\n17.2 versions prior to 17.2R1-S4, 17.2R2-S4, 17.2R3;\n17.2X75 versions prior to 17.2X75-D70, 17.2X75-D90;\n17.3 versions prior to 17.3R1-S4, 17.3R2,\n17.4 versions prior to 17.4R1-S2, 17.4R2.\nRefer to KB25385 for more information about PFE line cards.\n"
"lang" : "eng",
"value" : "Receipt of a specific MPLS packet may cause MPC7/8/9, PTX-FPC3 (FPC-P1, FPC-P2) line cards or PTX1K to crash and restart. By continuously sending specific MPLS packets, an attacker can repeatedly crash the line cards or PTX1K causing a sustained Denial of Service. Affected releases are Juniper Networks Junos OS with MPC7/8/9 or PTX-FPC3 (FPC-P1, FPC-P2) installed and PTX1K: 15.1F versions prior to 15.1F6-S10; 15.1 versions prior to 15.1R4-S9, 15.1R6-S6, 15.1R7; 16.1 versions prior to 16.1R3-S8, 16.1R4-S9, 16.1R5-S4, 16.1R6-S3, 16.1R7; 16.1X65 versions prior to 16.1X65-D46; 16.2 versions prior to 16.2R1-S6, 16.2R2-S5, 16.2R3; 17.1 versions prior to 17.1R1-S7, 17.1R2-S7, 17.1R3; 17.2 versions prior to 17.2R1-S4, 17.2R2-S4, 17.2R3; 17.2X75 versions prior to 17.2X75-D70, 17.2X75-D90; 17.3 versions prior to 17.3R1-S4, 17.3R2, 17.4 versions prior to 17.4R1-S2, 17.4R2. Refer to KB25385 for more information about PFE line cards."
}
]
},
"exploit": [
"exploit" : [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
"lang" : "eng",
"value" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 7.5,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Denial of Service"
"lang" : "eng",
"value" : "Denial of Service"
}
]
},
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Remote Code Execution"
"lang" : "eng",
"value" : "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "https://kb.juniper.net/JSA10864",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10864"
"name" : "https://kb.juniper.net/KB25385",
"refsource" : "MISC",
"url" : "https://kb.juniper.net/KB25385"
},
{
"name": "https://kb.juniper.net/KB25385",
"refsource": "MISC",
"url": "https://kb.juniper.net/KB25385"
"name" : "https://kb.juniper.net/JSA10864",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/JSA10864"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 12.1X46-D77, 12.3X48-D70, 14.1X53-D47, 15.1F6-S10, 15.1R4-S9, 15.1R6-S6, 15.1R7, 15.1X49-D140, 15.1X53-D471, 15.1X53-D59, 15.1X53-D67, 16.1R3-S8, 16.1R4-S9, 16.1R5-S4, 16.1R6-S3, 16.1R7, 16.1X65-D46, 16.2R1-S6, 16.2R2-S5, 16.2R3, 17.1R1-S7, 17.1R2-S7, 17.1R3, 17.2R1-S4, 17.2R2-S4, 17.2R3, 17.2X75-D70, 17.3R1-S4, 17.3R2, 17.4R1-S2, 17.4R2, 18.1R1, 18.1X75-D10 and all subsequent releases.\nThis fix has been proactively committed into other releases that might not support these specific line card.\n\n"
"lang" : "eng",
"value" : "The following software releases have been updated to resolve this specific issue: 12.1X46-D77, 12.3X48-D70, 14.1X53-D47, 15.1F6-S10, 15.1R4-S9, 15.1R6-S6, 15.1R7, 15.1X49-D140, 15.1X53-D471, 15.1X53-D59, 15.1X53-D67, 16.1R3-S8, 16.1R4-S9, 16.1R5-S4, 16.1R6-S3, 16.1R7, 16.1X65-D46, 16.2R1-S6, 16.2R2-S5, 16.2R3, 17.1R1-S7, 17.1R2-S7, 17.1R3, 17.2R1-S4, 17.2R2-S4, 17.2R3, 17.2X75-D70, 17.3R1-S4, 17.3R2, 17.4R1-S2, 17.4R2, 18.1R1, 18.1X75-D10 and all subsequent releases.\nThis fix has been proactively committed into other releases that might not support these specific line card.\n\n"
}
],
"source": {
"advisory": "JSA10864",
"defect": [
"source" : {
"advisory" : "JSA10864",
"defect" : [
"1323069"
],
"discovery": "USER"
"discovery" : "USER"
},
"work_around": [
"work_around" : [
{
"lang": "eng",
"value": "No available workaround exists for this issue."
"lang" : "eng",
"value" : "No available workaround exists for this issue."
}
]
}
}
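Review bot: The `problemtype` array in the CVE-2018-0030 record keeps a `Remote Code Execution` entry that nothing else in the record supports: the description only covers a line-card crash and restart, and the vector is `C:N/I:N/A:H`. Tooling that triages on problem type will rank this record differently from tooling that reads the CVSS block, so either the entry should be dropped or the score and description should reflect code execution; which is right has to come from JSA10864. The version data also disagrees with the prose for 17.2X75: `"version_value" : "17.2X75-D70"` against "17.2X75 versions prior to 17.2X75-D70, 17.2X75-D90" in the description. If the description is the authoritative side, the entry would read `"version_value" : "17.2X75-D70, 17.2X75-D90"`.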


@ -1,223 +1,223 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2018-07-11T16:00:00.000Z",
"ID": "CVE-2018-0031",
"STATE": "PUBLIC",
"TITLE": "Junos OS: Receipt of specially crafted UDP packets over MPLS may bypass stateless IP firewall rules"
"CVE_data_meta" : {
"ASSIGNER" : "sirt@juniper.net",
"DATE_PUBLIC" : "2018-07-11T16:00:00.000Z",
"ID" : "CVE-2018-0031",
"STATE" : "PUBLIC",
"TITLE" : "Junos OS: Receipt of specially crafted UDP packets over MPLS may bypass stateless IP firewall rules"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Junos OS",
"version": {
"version_data": [
"product_name" : "Junos OS",
"version" : {
"version_data" : [
{
"affected": "<",
"platform": "SRX Series",
"version_name": "12.1X46",
"version_value": "12.1X46-D76"
"affected" : "<",
"platform" : "SRX Series",
"version_name" : "12.1X46",
"version_value" : "12.1X46-D76"
},
{
"affected": "<",
"version_name": "12.3",
"version_value": "12.3R12-S10"
"affected" : "<",
"version_name" : "12.3",
"version_value" : "12.3R12-S10"
},
{
"affected": "<",
"platform": "SRX Series",
"version_name": "12.3X48",
"version_value": "12.3X48-D66, 12.3X48-D70"
"affected" : "<",
"platform" : "SRX Series",
"version_name" : "12.3X48",
"version_value" : "12.3X48-D66, 12.3X48-D70"
},
{
"affected": "<",
"platform": "EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100",
"version_name": "14.1X53",
"version_value": "14.1X53-D47"
"affected" : "<",
"platform" : "EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100",
"version_name" : "14.1X53",
"version_value" : "14.1X53-D47"
},
{
"affected": "<",
"version_name": "15.1",
"version_value": "15.1F6-S10, 15.1R4-S9, 15.1R6-S6, 15.1R7"
"affected" : "<",
"version_name" : "15.1",
"version_value" : "15.1F6-S10, 15.1R4-S9, 15.1R6-S6, 15.1R7"
},
{
"affected": "<",
"platform": "SRX Series",
"version_name": "15.1X49",
"version_value": "15.1X49-D131, 15.1X49-D140"
"affected" : "<",
"platform" : "SRX Series",
"version_name" : "15.1X49",
"version_value" : "15.1X49-D131, 15.1X49-D140"
},
{
"affected": "<",
"platform": "EX2300, EX3400",
"version_name": "15.1X53",
"version_value": "15.1X53-D59"
"affected" : "<",
"platform" : "EX2300, EX3400",
"version_name" : "15.1X53",
"version_value" : "15.1X53-D59"
},
{
"affected": "<",
"platform": "QFX10000 Series",
"version_name": "15.1X53",
"version_value": "15.1X53-D67"
"affected" : "<",
"platform" : "QFX10000 Series",
"version_name" : "15.1X53",
"version_value" : "15.1X53-D67"
},
{
"affected": "<",
"platform": "QFX5110, QFX5200",
"version_name": "15.1X53",
"version_value": "15.1X53-D233"
"affected" : "<",
"platform" : "QFX5110, QFX5200",
"version_name" : "15.1X53",
"version_value" : "15.1X53-D233"
},
{
"affected": "<",
"platform": "NFX150, NFX250",
"version_name": "15.1X53",
"version_value": "15.1X53-D471, 15.1X53-D490"
"affected" : "<",
"platform" : "NFX150, NFX250",
"version_name" : "15.1X53",
"version_value" : "15.1X53-D471, 15.1X53-D490"
},
{
"affected": "<",
"version_name": "16.1",
"version_value": "16.1R3-S8, 16.1R4-S9, 16.1R5-S4, 16.1R6-S3, 16.1R7"
"affected" : "<",
"version_name" : "16.1",
"version_value" : "16.1R3-S8, 16.1R4-S9, 16.1R5-S4, 16.1R6-S3, 16.1R7"
},
{
"affected": "<",
"version_name": "16.2",
"version_value": "16.2R1-S6, 16.2R2-S5, 16.2R3"
"affected" : "<",
"version_name" : "16.2",
"version_value" : "16.2R1-S6, 16.2R2-S5, 16.2R3"
},
{
"affected": "<",
"version_name": "17.1",
"version_value": "17.1R1-S7, 17.1R2-S7, 17.1R3"
"affected" : "<",
"version_name" : "17.1",
"version_value" : "17.1R1-S7, 17.1R2-S7, 17.1R3"
},
{
"affected": "<",
"version_name": "17.2",
"version_value": "17.2R1-S6, 17.2R2-S4, 17.2R3"
"affected" : "<",
"version_name" : "17.2",
"version_value" : "17.2R1-S6, 17.2R2-S4, 17.2R3"
},
{
"affected": "<",
"version_name": "17.2X75",
"version_value": "17.2X75-D100"
"affected" : "<",
"version_name" : "17.2X75",
"version_value" : "17.2X75-D100"
},
{
"affected": "<",
"version_name": "17.3",
"version_value": "17.3R1-S4, 17.3R2-S2, 17.3R3"
"affected" : "<",
"version_name" : "17.3",
"version_value" : "17.3R1-S4, 17.3R2-S2, 17.3R3"
},
{
"affected": "<",
"version_name": "17.4",
"version_value": "17.4R1-S3, 17.4R2"
"affected" : "<",
"version_name" : "17.4",
"version_value" : "17.4R1-S3, 17.4R2"
},
{
"affected": "<",
"version_name": "18.1",
"version_value": "18.1R2"
"affected" : "<",
"version_name" : "18.1",
"version_value" : "18.1R2"
},
{
"affected": "<",
"version_name": "18.2X75",
"version_value": "18.2X75-D5"
"affected" : "<",
"version_name" : "18.2X75",
"version_value" : "18.2X75-D5"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
"vendor_name" : "Juniper Networks"
}
]
}
},
"credit": [
"credit" : [
{
"lang": "eng",
"value": "Internet2"
"lang" : "eng",
"value" : "Internet2"
},
{
"lang": "eng",
"value": "The Indiana University GlobalNOC"
"lang" : "eng",
"value" : "The Indiana University GlobalNOC"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "Receipt of specially crafted UDP/IP packets over MPLS may be able to bypass a stateless firewall filter. The crafted UDP packets must be encapsulated and meet a very specific packet format to be classified in a way that bypasses IP firewall filter rules. The packets themselves do not cause a service interruption (e.g. RPD crash), but receipt of a high rate of UDP packets may be able to contribute to a denial of service attack.\n\nThis issue only affects processing of transit UDP/IP packets over MPLS, received on an interface with MPLS enabled. TCP packet processing and non-MPLS encapsulated UDP packet processing are unaffected by this issue.\nAffected releases are Juniper Networks Junos OS:\n12.1X46 versions prior to 12.1X46-D76;\n12.3 versions prior to 12.3R12-S10;\n12.3X48 versions prior to 12.3X48-D66, 12.3X48-D70;\n14.1X53 versions prior to 14.1X53-D47;\n15.1 versions prior to 15.1F6-S10, 15.1R4-S9, 15.1R6-S6, 15.1R7;\n15.1X49 versions prior to 15.1X49-D131, 15.1X49-D140;\n15.1X53 versions prior to 15.1X53-D59 on EX2300/EX3400;\n15.1X53 versions prior to 15.1X53-D67 on QFX10K;\n15.1X53 versions prior to 15.1X53-D233 on QFX5200/QFX5110;\n15.1X53 versions prior to 15.1X53-D471, 15.1X53-D490 on NFX;\n16.1 versions prior to 16.1R3-S8, 16.1R4-S9, 16.1R5-S4, 16.1R6-S3, 16.1R7;\n16.2 versions prior to 16.2R1-S6, 16.2R2-S5, 16.2R3;\n17.1 versions prior to 17.1R1-S7, 17.1R2-S7, 17.1R3;\n17.2 versions prior to 17.2R1-S6, 17.2R2-S4, 17.2R3;\n17.2X75 versions prior to 17.2X75-D100;\n17.3 versions prior to 17.3R1-S4, 17.3R2-S2, 17.3R3;\n17.4 versions prior to 17.4R1-S3, 17.4R2;\n18.1 versions prior to 18.1R2;\n18.2X75 versions prior to 18.2X75-D5."
"lang" : "eng",
"value" : "Receipt of specially crafted UDP/IP packets over MPLS may be able to bypass a stateless firewall filter. The crafted UDP packets must be encapsulated and meet a very specific packet format to be classified in a way that bypasses IP firewall filter rules. The packets themselves do not cause a service interruption (e.g. RPD crash), but receipt of a high rate of UDP packets may be able to contribute to a denial of service attack. This issue only affects processing of transit UDP/IP packets over MPLS, received on an interface with MPLS enabled. TCP packet processing and non-MPLS encapsulated UDP packet processing are unaffected by this issue. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D76; 12.3 versions prior to 12.3R12-S10; 12.3X48 versions prior to 12.3X48-D66, 12.3X48-D70; 14.1X53 versions prior to 14.1X53-D47; 15.1 versions prior to 15.1F6-S10, 15.1R4-S9, 15.1R6-S6, 15.1R7; 15.1X49 versions prior to 15.1X49-D131, 15.1X49-D140; 15.1X53 versions prior to 15.1X53-D59 on EX2300/EX3400; 15.1X53 versions prior to 15.1X53-D67 on QFX10K; 15.1X53 versions prior to 15.1X53-D233 on QFX5200/QFX5110; 15.1X53 versions prior to 15.1X53-D471, 15.1X53-D490 on NFX; 16.1 versions prior to 16.1R3-S8, 16.1R4-S9, 16.1R5-S4, 16.1R6-S3, 16.1R7; 16.2 versions prior to 16.2R1-S6, 16.2R2-S5, 16.2R3; 17.1 versions prior to 17.1R1-S7, 17.1R2-S7, 17.1R3; 17.2 versions prior to 17.2R1-S6, 17.2R2-S4, 17.2R3; 17.2X75 versions prior to 17.2X75-D100; 17.3 versions prior to 17.3R1-S4, 17.3R2-S2, 17.3R3; 17.4 versions prior to 17.4R1-S3, 17.4R2; 18.1 versions prior to 18.1R2; 18.2X75 versions prior to 18.2X75-D5."
}
]
},
"exploit": [
"exploit" : [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
"lang" : "eng",
"value" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "NONE",
"baseScore" : 5.3,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "NONE",
"integrityImpact" : "LOW",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Firewall bypass"
"lang" : "eng",
"value" : "Firewall bypass"
}
]
},
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Denial of Service"
"lang" : "eng",
"value" : "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "https://kb.juniper.net/JSA10865",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10865"
"name" : "https://kb.juniper.net/JSA10865",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/JSA10865"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 12.1X46-D76, 12.3X48-D66, 12.3X48-D70, 14.1X53-D47, 15.1F6-S10, 15.1R4-S9, 15.1R6-S6, 15.1R7, 15.1X49-D131, 15.1X49-D140, 15.1X53-D233, 15.1X53-D471, 15.1X53-D490, 15.1X53-D59, 15.1X53-D67, 16.1R3-S8, 16.1R4-S9, 16.1R5-S4, 16.1R6-S3, 16.1R7, 16.2R1-S6, 16.2R2-S5, 16.2R3, 17.1R1-S7, 17.1R2-S7, 17.1R3, 17.2R1-S6, 17.2R2-S4, 17.2R3, 17.2X75-D100, 17.3R1-S4, 17.3R2-S2, 17.3R3, 17.4R1-S3, 17.4R2, 18.1R2, 18.2R1, 18.2X75-D5, and all subsequent releases.\n"
"lang" : "eng",
"value" : "The following software releases have been updated to resolve this specific issue: 12.1X46-D76, 12.3X48-D66, 12.3X48-D70, 14.1X53-D47, 15.1F6-S10, 15.1R4-S9, 15.1R6-S6, 15.1R7, 15.1X49-D131, 15.1X49-D140, 15.1X53-D233, 15.1X53-D471, 15.1X53-D490, 15.1X53-D59, 15.1X53-D67, 16.1R3-S8, 16.1R4-S9, 16.1R5-S4, 16.1R6-S3, 16.1R7, 16.2R1-S6, 16.2R2-S5, 16.2R3, 17.1R1-S7, 17.1R2-S7, 17.1R3, 17.2R1-S6, 17.2R2-S4, 17.2R3, 17.2X75-D100, 17.3R1-S4, 17.3R2-S2, 17.3R3, 17.4R1-S3, 17.4R2, 18.1R2, 18.2R1, 18.2X75-D5, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA10865",
"defect": [
"source" : {
"advisory" : "JSA10865",
"defect" : [
"1326402"
],
"discovery": "EXTERNAL"
"discovery" : "EXTERNAL"
},
"work_around": [
"work_around" : [
{
"lang": "eng",
"value": "There are no viable workarounds for this issue."
"lang" : "eng",
"value" : "There are no viable workarounds for this issue."
}
]
}
}
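Review bot: Several `version_value` strings in this record pack more than one release into a single comma-separated string while `affected` is `<`, for example `"version_value" : "12.3X48-D66, 12.3X48-D70"` and `"version_value" : "15.1F6-S10, 15.1R4-S9, 15.1R6-S6, 15.1R7"`. A tool that compares a device's release against `version_value` has no single value to compare with, so automated matching on this field will either fail to parse or silently mis-classify hosts. The commit only reformats these entries and leaves the values as they were; until each entry carries one comparable release, consumers should match against the `description` and `solution` text instead. The same pattern appears in the CVE-2018-0032 and CVE-2018-0034 sections of this commit.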


@ -1,122 +1,122 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2018-07-11T16:00:00.000Z",
"ID": "CVE-2018-0032",
"STATE": "PUBLIC",
"TITLE": "Junos OS: RPD crash when receiving a crafted BGP UPDATE"
"CVE_data_meta" : {
"ASSIGNER" : "sirt@juniper.net",
"DATE_PUBLIC" : "2018-07-11T16:00:00.000Z",
"ID" : "CVE-2018-0032",
"STATE" : "PUBLIC",
"TITLE" : "Junos OS: RPD crash when receiving a crafted BGP UPDATE"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Junos OS",
"version": {
"version_data": [
"product_name" : "Junos OS",
"version" : {
"version_data" : [
{
"affected": "<",
"version_name": "16.1X65",
"version_value": "16.1X65-D47"
"affected" : "<",
"version_name" : "16.1X65",
"version_value" : "16.1X65-D47"
},
{
"affected": "<",
"version_name": "17.2X75",
"version_value": "17.2X75-D91, 17.2X75-D110"
"affected" : "<",
"version_name" : "17.2X75",
"version_value" : "17.2X75-D91, 17.2X75-D110"
},
{
"affected": "<",
"version_name": "17.3",
"version_value": "17.3R1-S4, 17.3R2"
"affected" : "<",
"version_name" : "17.3",
"version_value" : "17.3R1-S4, 17.3R2"
},
{
"affected": "<",
"version_name": "17.4",
"version_value": "17.4R1-S3, 17.4R2"
"affected" : "<",
"version_name" : "17.4",
"version_value" : "17.4R1-S3, 17.4R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
"vendor_name" : "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "The receipt of a crafted BGP UPDATE can lead to a routing process daemon (RPD) crash and restart. Repeated receipt of the same crafted BGP UPDATE can result in an extended denial of service condition for the device.\n\nThis issue only affects the specific versions of Junos OS listed within this advisory. Earlier releases are unaffected by this vulnerability.\n\nThis crafted BGP UPDATE does not propagate to other BGP peers.\nAffected releases are Juniper Networks Junos OS:\n16.1X65 versions prior to 16.1X65-D47;\n17.2X75 versions prior to 17.2X75-D91, 17.2X75-D110;\n17.3 versions prior to 17.3R1-S4, 17.3R2;\n17.4 versions prior to 17.4R1-S3, 17.4R2."
"lang" : "eng",
"value" : "The receipt of a crafted BGP UPDATE can lead to a routing process daemon (RPD) crash and restart. Repeated receipt of the same crafted BGP UPDATE can result in an extended denial of service condition for the device. This issue only affects the specific versions of Junos OS listed within this advisory. Earlier releases are unaffected by this vulnerability. This crafted BGP UPDATE does not propagate to other BGP peers. Affected releases are Juniper Networks Junos OS: 16.1X65 versions prior to 16.1X65-D47; 17.2X75 versions prior to 17.2X75-D91, 17.2X75-D110; 17.3 versions prior to 17.3R1-S4, 17.3R2; 17.4 versions prior to 17.4R1-S3, 17.4R2."
}
]
},
"exploit": [
"exploit" : [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
"lang" : "eng",
"value" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 7.5,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Denial of Service"
"lang" : "eng",
"value" : "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "https://kb.juniper.net/JSA10866",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10866"
"name" : "https://kb.juniper.net/JSA10866",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/JSA10866"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 16.1X65-D47, 17.2X75-D110, 17.2X75-D91, 17.3R1-S4, 17.3R2, 17.4R1-S3, 17.4R2, 18.1R1, 18.2R1, 18.2X75-D5, and all subsequent releases.\n"
"lang" : "eng",
"value" : "The following software releases have been updated to resolve this specific issue: 16.1X65-D47, 17.2X75-D110, 17.2X75-D91, 17.3R1-S4, 17.3R2, 17.4R1-S3, 17.4R2, 18.1R1, 18.2R1, 18.2X75-D5, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA10866",
"defect": [
"source" : {
"advisory" : "JSA10866",
"defect" : [
"1327708"
],
"discovery": "INTERNAL"
"discovery" : "INTERNAL"
},
"work_around": [
"work_around" : [
{
"lang": "eng",
"value": "There are no known workarounds for this issue"
"lang" : "eng",
"value" : "There are no known workarounds for this issue"
}
]
}
}


@ -1,196 +1,196 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2018-07-11T16:00:00.000Z",
"ID": "CVE-2018-0034",
"STATE": "PUBLIC",
"TITLE": "Junos OS: A malicious crafted IPv6 DHCP packet may cause the JDHCPD daemon to core"
"CVE_data_meta" : {
"ASSIGNER" : "sirt@juniper.net",
"DATE_PUBLIC" : "2018-07-11T16:00:00.000Z",
"ID" : "CVE-2018-0034",
"STATE" : "PUBLIC",
"TITLE" : "Junos OS: A malicious crafted IPv6 DHCP packet may cause the JDHCPD daemon to core"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Junos OS",
"version": {
"version_data": [
"product_name" : "Junos OS",
"version" : {
"version_data" : [
{
"affected": "<",
"platform": "SRX Series",
"version_name": "12.3X48",
"version_value": "12.3X48-D70"
"affected" : "<",
"platform" : "SRX Series",
"version_name" : "12.3X48",
"version_value" : "12.3X48-D70"
},
{
"affected": "<",
"platform": "EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100;",
"version_name": "14.1X53",
"version_value": "14.1X53-D47"
"affected" : "<",
"platform" : "EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100;",
"version_name" : "14.1X53",
"version_value" : "14.1X53-D47"
},
{
"affected": "<",
"platform": "QFabric System",
"version_name": "14.1X53",
"version_value": "14.1X53-D130"
"affected" : "<",
"platform" : "QFabric System",
"version_name" : "14.1X53",
"version_value" : "14.1X53-D130"
},
{
"affected": "<",
"version_name": "15.1",
"version_value": "15.1R4-S9, 15.1R6-S6, 15.1R7"
"affected" : "<",
"version_name" : "15.1",
"version_value" : "15.1R4-S9, 15.1R6-S6, 15.1R7"
},
{
"affected": "<",
"platform": "SRX Series",
"version_name": "15.1X49",
"version_value": "15.1X49-D140"
"affected" : "<",
"platform" : "SRX Series",
"version_name" : "15.1X49",
"version_value" : "15.1X49-D140"
},
{
"affected": "<",
"platform": "QFX5110, QFX5200",
"version_name": "15.1X53",
"version_value": "15.1X53-D233"
"affected" : "<",
"platform" : "QFX5110, QFX5200",
"version_name" : "15.1X53",
"version_value" : "15.1X53-D233"
},
{
"affected": "<",
"platform": "NFX 150, NFX 250",
"version_name": "15.1X53",
"version_value": "15.1X53-D471"
"affected" : "<",
"platform" : "NFX 150, NFX 250",
"version_name" : "15.1X53",
"version_value" : "15.1X53-D471"
},
{
"affected": "<",
"platform": "QFX10000 Series",
"version_name": "15.1X53",
"version_value": "15.1X53-D67"
"affected" : "<",
"platform" : "QFX10000 Series",
"version_name" : "15.1X53",
"version_value" : "15.1X53-D67"
},
{
"affected": "<",
"version_name": "16.1",
"version_value": "16.1R3-S9, 16.1R4-S8, 16.1R5-S4, 16.1R6-S3, 16.1R7"
"affected" : "<",
"version_name" : "16.1",
"version_value" : "16.1R3-S9, 16.1R4-S8, 16.1R5-S4, 16.1R6-S3, 16.1R7"
},
{
"affected": "<",
"version_name": "16.2",
"version_value": "16.2R2-S5, 16.2R3"
"affected" : "<",
"version_name" : "16.2",
"version_value" : "16.2R2-S5, 16.2R3"
},
{
"affected": "<",
"version_name": "17.1",
"version_value": "17.1R1-S7, 17.1R2-S7, 17.1R3"
"affected" : "<",
"version_name" : "17.1",
"version_value" : "17.1R1-S7, 17.1R2-S7, 17.1R3"
},
{
"affected": "<",
"version_name": "17.2",
"version_value": "17.2R1-S6, 17.2R2-S4, 17.2R3"
"affected" : "<",
"version_name" : "17.2",
"version_value" : "17.2R1-S6, 17.2R2-S4, 17.2R3"
},
{
"affected": "<",
"version_name": "17.3",
"version_value": "17.3R1-S4, 17.3R2-S2, 17.3R3"
"affected" : "<",
"version_name" : "17.3",
"version_value" : "17.3R1-S4, 17.3R2-S2, 17.3R3"
},
{
"affected": "<",
"version_name": "17.4",
"version_value": "17.4R1-S3, 17.4R2"
"affected" : "<",
"version_name" : "17.4",
"version_value" : "17.4R1-S3, 17.4R2"
},
{
"affected": "<",
"platform": "EX Series",
"version_name": "12.3",
"version_value": "12.3R12-S10"
"affected" : "<",
"platform" : "EX Series",
"version_name" : "12.3",
"version_value" : "12.3R12-S10"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
"vendor_name" : "Juniper Networks"
}
]
}
},
"configuration": [
"configuration" : [
{
"lang": "eng",
"value": "For applicable CLI configuration assistance on your device please refer to the KB and Feature Explorer in the URL section further in this advisory.\n"
"lang" : "eng",
"value" : "For applicable CLI configuration assistance on your device please refer to the KB and Feature Explorer in the URL section further in this advisory.\n"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "A Denial of Service vulnerability exists in the Juniper Networks Junos OS JDHCPD daemon which allows an attacker to core the JDHCPD daemon by sending a crafted IPv6 packet to the system.\n\nThis issue is limited to systems which receives IPv6 DHCP packets on a system configured for DHCP processing using the JDHCPD daemon.\n\nThis issue does not affect IPv4 DHCP packet processing.\n\nAffected releases are Juniper Networks Junos OS:\n\n12.3 versions prior to 12.3R12-S10 on EX Series;\n12.3X48 versions prior to 12.3X48-D70 on SRX Series;\n14.1X53 versions prior to 14.1X53-D47 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100;\n14.1X53 versions prior to 14.1X53-D130 on QFabric;\n15.1 versions prior to 15.1R4-S9, 15.1R6-S6, 15.1R7;\n15.1X49 versions prior to 15.1X49-D140 on SRX Series;\n15.1X53 versions prior to 15.1X53-D67 on QFX10000 Series;\n15.1X53 versions prior to 15.1X53-D233 on QFX5110, QFX5200;\n15.1X53 versions prior to 15.1X53-D471 on NFX 150, NFX 250;\n16.1 versions prior to 16.1R3-S9, 16.1R4-S8, 16.1R5-S4, 16.1R6-S3, 16.1R7;\n16.2 versions prior to 16.2R2-S5, 16.2R3;\n17.1 versions prior to 17.1R1-S7, 17.1R2-S7, 17.1R3;\n17.2 versions prior to 17.2R1-S6, 17.2R2-S4, 17.2R3;\n17.3 versions prior to 17.3R1-S4, 17.3R2-S2, 17.3R3;\n17.4 versions prior to 17.4R1-S3, 17.4R2."
"lang" : "eng",
"value" : "A Denial of Service vulnerability exists in the Juniper Networks Junos OS JDHCPD daemon which allows an attacker to core the JDHCPD daemon by sending a crafted IPv6 packet to the system. This issue is limited to systems which receives IPv6 DHCP packets on a system configured for DHCP processing using the JDHCPD daemon. This issue does not affect IPv4 DHCP packet processing. Affected releases are Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S10 on EX Series; 12.3X48 versions prior to 12.3X48-D70 on SRX Series; 14.1X53 versions prior to 14.1X53-D47 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100; 14.1X53 versions prior to 14.1X53-D130 on QFabric; 15.1 versions prior to 15.1R4-S9, 15.1R6-S6, 15.1R7; 15.1X49 versions prior to 15.1X49-D140 on SRX Series; 15.1X53 versions prior to 15.1X53-D67 on QFX10000 Series; 15.1X53 versions prior to 15.1X53-D233 on QFX5110, QFX5200; 15.1X53 versions prior to 15.1X53-D471 on NFX 150, NFX 250; 16.1 versions prior to 16.1R3-S9, 16.1R4-S8, 16.1R5-S4, 16.1R6-S3, 16.1R7; 16.2 versions prior to 16.2R2-S5, 16.2R3; 17.1 versions prior to 17.1R1-S7, 17.1R2-S7, 17.1R3; 17.2 versions prior to 17.2R1-S6, 17.2R2-S4, 17.2R3; 17.3 versions prior to 17.3R1-S4, 17.3R2-S2, 17.3R3; 17.4 versions prior to 17.4R1-S3, 17.4R2."
}
]
},
"exploit": [
"exploit" : [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
"lang" : "eng",
"value" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "LOW",
"baseScore" : 5.3,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Denial of Service\n"
"lang" : "eng",
"value" : "Denial of Service\n"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "https://apps.juniper.net/feature-explorer/search.html#q=dhcp",
"refsource": "MISC",
"url": "https://apps.juniper.net/feature-explorer/search.html#q=dhcp"
"name" : "https://apps.juniper.net/feature-explorer/search.html#q=dhcp",
"refsource" : "MISC",
"url" : "https://apps.juniper.net/feature-explorer/search.html#q=dhcp"
},
{
"name": "https://kb.juniper.net/JSA10868",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10868"
"name" : "https://kb.juniper.net/JSA10868",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/JSA10868"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 12.3R12-S10, 12.3X48-D70, 14.1X53-D130*, 14.1X53-D47, 15.1R4-S9, 15.1R6-S6, 15.1R7, 15.1X49-D140, 15.1X53-D233, 15.1X53-D471, 15.1X53-D67, 16.1R3-S9, 16.1R4-S8, 16.1R5-S4, 16.1R6-S3, 16.1R7, 16.2R2-S5, 16.2R3, 17.1R1-S7, 17.1R2-S7, 17.1R3, 17.2R1-S6, 17.2R2-S4, 17.2R3, 17.3R1-S4, 17.3R2-S2, 17.3R3, 17.4R1-S3, 17.4R2, 18.1R1, and all subsequent releases.\n\n*Pending Publication"
"lang" : "eng",
"value" : "The following software releases have been updated to resolve this specific issue: Junos OS 12.3R12-S10, 12.3X48-D70, 14.1X53-D130*, 14.1X53-D47, 15.1R4-S9, 15.1R6-S6, 15.1R7, 15.1X49-D140, 15.1X53-D233, 15.1X53-D471, 15.1X53-D67, 16.1R3-S9, 16.1R4-S8, 16.1R5-S4, 16.1R6-S3, 16.1R7, 16.2R2-S5, 16.2R3, 17.1R1-S7, 17.1R2-S7, 17.1R3, 17.2R1-S6, 17.2R2-S4, 17.2R3, 17.3R1-S4, 17.3R2-S2, 17.3R3, 17.4R1-S3, 17.4R2, 18.1R1, and all subsequent releases.\n\n*Pending Publication"
}
],
"source": {
"advisory": "JSA10868",
"defect": [
"source" : {
"advisory" : "JSA10868",
"defect" : [
"1334230"
],
"discovery": "USER"
"discovery" : "USER"
},
"work_around": [
"work_around" : [
{
"lang": "eng",
"value": "There are no viable workarounds for this issue."
"lang" : "eng",
"value" : "There are no viable workarounds for this issue."
}
]
}
}
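Review bot: Two string values in this record carry stray trailing characters that defeat exact matching across records: the 14.1X53 `platform` value ends in `QFX5100;` and the `problemtype` value is `"Denial of Service\n"`. The CVE-2018-0031 section of this commit writes the same platform list without the semicolon, and CVE-2018-0032 writes `"Denial of Service"` without the newline, so grouping or filtering on these fields treats them as different values. I would drop the trailing `;` from the platform string and change the problem type to `"value" : "Denial of Service"`. The platform spelling `NFX 150, NFX 250` also differs from `NFX150, NFX250` in CVE-2018-0031 and is worth normalising in the same pass.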


@ -1,115 +1,115 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2018-07-11T16:00:00.000Z",
"ID": "CVE-2018-0035",
"STATE": "PUBLIC",
"TITLE": "Junos OS: QFX5200 and QFX10002: Unintended ONIE partition was shipped with certain Junos OS .bin and .iso images"
"CVE_data_meta" : {
"ASSIGNER" : "sirt@juniper.net",
"DATE_PUBLIC" : "2018-07-11T16:00:00.000Z",
"ID" : "CVE-2018-0035",
"STATE" : "PUBLIC",
"TITLE" : "Junos OS: QFX5200 and QFX10002: Unintended ONIE partition was shipped with certain Junos OS .bin and .iso images"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Junos OS",
"version": {
"version_data": [
"product_name" : "Junos OS",
"version" : {
"version_data" : [
{
"affected": "<",
"platform": "QFX5200 and QFX10002",
"version_name": "15.1X53",
"version_value": "15.1X53-D60"
"affected" : "<",
"platform" : "QFX5200 and QFX10002",
"version_name" : "15.1X53",
"version_value" : "15.1X53-D60"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
"vendor_name" : "Juniper Networks"
}
]
}
},
"configuration": [
"configuration" : [
{
"lang": "eng",
"value": "Customer can identify whether their device is affected by running the following commands from the Junos OS shell:\n\nAffected System :\n root@:RE:0% rsh -l root -JU __juniper_private4__ 192.168.1.1 \n root@:RE:0~# grub-fstest /dev/sda2 ls /var/tmp /onie/ | grep onie \n vmlinuz-3.2.35-onie initrd.img-3.2.35-onie tools/ grub/ grub.d/ \n root@:RE:0:~# \nNote: the two files, vmlinuz-3.2.35-onie and initrd.img-3.2.35-onie (version may vary) will be present.\n\nNon-affected System:\n root@:RE:0% rsh -l root -JU __juniper_private4__ 192.168.1.1 \n root@local-node:~# grub-fstest /dev/sda2 ls /onie/ | grep onie \n root@local-node:~# \nNote: no grep output related to ONIE partition."
"lang" : "eng",
"value" : "Customer can identify whether their device is affected by running the following commands from the Junos OS shell:\n\nAffected System :\n root@:RE:0% rsh -l root -JU __juniper_private4__ 192.168.1.1 \n root@:RE:0~# grub-fstest /dev/sda2 ls /var/tmp /onie/ | grep onie \n vmlinuz-3.2.35-onie initrd.img-3.2.35-onie tools/ grub/ grub.d/ \n root@:RE:0:~# \nNote: the two files, vmlinuz-3.2.35-onie and initrd.img-3.2.35-onie (version may vary) will be present.\n\nNon-affected System:\n root@:RE:0% rsh -l root -JU __juniper_private4__ 192.168.1.1 \n root@local-node:~# grub-fstest /dev/sda2 ls /onie/ | grep onie \n root@local-node:~# \nNote: no grep output related to ONIE partition."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "QFX5200 and QFX10002 devices that have been shipped with Junos OS 15.1X53-D21, 15.1X53-D30, 15.1X53-D31, 15.1X53-D32, 15.1X53-D33 and 15.1X53-D60 or have been upgraded to these releases using the .bin or .iso images may contain an unintended additional Open Network Install Environment (ONIE) partition.\nThis additional partition allows the superuser to reboot to the ONIE partition which will wipe out the content of the Junos partition and its configuration.\nOnce rebooted, the ONIE partition will not have root password configured, thus any user can access the console or SSH, using an IP address acquired from DHCP, as root without password.\n\nOnce the device has been shipped or upgraded with the ONIE partition installed, the issue will persist. Simply upgrading to higher release via the CLI will not resolve the issue.\n\nNo other Juniper Networks products or platforms are affected by this issue."
"lang" : "eng",
"value" : "QFX5200 and QFX10002 devices that have been shipped with Junos OS 15.1X53-D21, 15.1X53-D30, 15.1X53-D31, 15.1X53-D32, 15.1X53-D33 and 15.1X53-D60 or have been upgraded to these releases using the .bin or .iso images may contain an unintended additional Open Network Install Environment (ONIE) partition. This additional partition allows the superuser to reboot to the ONIE partition which will wipe out the content of the Junos partition and its configuration. Once rebooted, the ONIE partition will not have root password configured, thus any user can access the console or SSH, using an IP address acquired from DHCP, as root without password. Once the device has been shipped or upgraded with the ONIE partition installed, the issue will persist. Simply upgrading to higher release via the CLI will not resolve the issue. No other Juniper Networks products or platforms are affected by this issue."
}
]
},
"exploit": [
"exploit" : [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
"lang" : "eng",
"value" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "LOCAL",
"availabilityImpact" : "HIGH",
"baseScore" : 4.4,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"privilegesRequired" : "HIGH",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Denial of Service\n"
"lang" : "eng",
"value" : "Denial of Service\n"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "https://kb.juniper.net/JSA10869",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10869"
"name" : "https://kb.juniper.net/JSA10869",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/JSA10869"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": "In order to resolve this issue (remove the ONIE partition from the device), customer needs to reimage the device using the USB or PXE image from the Juniper download page.\nThe affected Junos image files have been removed from the Juniper download page."
"lang" : "eng",
"value" : "In order to resolve this issue (remove the ONIE partition from the device), customer needs to reimage the device using the USB or PXE image from the Juniper download page.\nThe affected Junos image files have been removed from the Juniper download page."
}
],
"source": {
"advisory": "JSA10869",
"defect": [
"source" : {
"advisory" : "JSA10869",
"defect" : [
"1335427",
"1335713"
],
"discovery": "INTERNAL"
"discovery" : "INTERNAL"
},
"work_around": [
"work_around" : [
{
"lang": "eng",
"value": "There are no known workarounds for this issue.\nIt is good security practice to limit the exploitable attack surface of critical infrastructure networking equipment. Use access lists or firewall filters to limit access to device only from trusted, administrative networks or hosts. Limit CLI access to the device from only trusted hosts and administrators."
"lang" : "eng",
"value" : "There are no known workarounds for this issue.\nIt is good security practice to limit the exploitable attack surface of critical infrastructure networking equipment. Use access lists or firewall filters to limit access to device only from trusted, administrative networks or hosts. Limit CLI access to the device from only trusted hosts and administrators."
}
]
}
}
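Review bot: The `problemtype` value still ends in a literal newline (`"Denial of Service\n"`), although this sync removes the newlines from `description`; a consumer that groups records by problem type will treat it as a different string from the `"Denial of Service"` used in CVE-2018-0037 later in this commit. Suggest `"value" : "Denial of Service"`. Separately, the description says the rebooted ONIE partition accepts root logins over console or SSH without a password, while `problemtype` and the CVSS vector (`C:N/I:N`) cover availability only. That may be the vendor's intended scoring, but anyone triaging from the structured fields alone should read the description as well.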


@ -1,150 +1,150 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2018-07-11T16:00:00.000Z",
"ID": "CVE-2018-0037",
"STATE": "PUBLIC",
"TITLE": "Junos OS: RPD daemon crashes due to receipt of crafted BGP NOTIFICATION messages"
"CVE_data_meta" : {
"ASSIGNER" : "sirt@juniper.net",
"DATE_PUBLIC" : "2018-07-11T16:00:00.000Z",
"ID" : "CVE-2018-0037",
"STATE" : "PUBLIC",
"TITLE" : "Junos OS: RPD daemon crashes due to receipt of crafted BGP NOTIFICATION messages"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Junos OS",
"version": {
"version_data": [
"product_name" : "Junos OS",
"version" : {
"version_data" : [
{
"affected": ">=",
"version_name": "15.1F5",
"version_value": "15.1F5-S7"
"affected" : ">=",
"version_name" : "15.1F5",
"version_value" : "15.1F5-S7"
},
{
"affected": ">=",
"version_name": "15.1F6",
"version_value": "15.1F6-S3"
"affected" : ">=",
"version_name" : "15.1F6",
"version_value" : "15.1F6-S3"
},
{
"affected": "<",
"version_name": "15.1F6",
"version_value": "15.1F6-S10 "
"affected" : "<",
"version_name" : "15.1F6",
"version_value" : "15.1F6-S10 "
},
{
"affected": ">=",
"version_name": "15.1F7",
"version_value": "15.1F7"
"affected" : ">=",
"version_name" : "15.1F7",
"version_value" : "15.1F7"
},
{
"affected": ">=",
"version_name": "15.1",
"version_value": "15.1R5"
"affected" : ">=",
"version_name" : "15.1",
"version_value" : "15.1R5"
},
{
"affected": "<",
"version_name": "15.1",
"version_value": "15.1R6-S6, 15.1R7"
"affected" : "<",
"version_name" : "15.1",
"version_value" : "15.1R6-S6, 15.1R7"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
"vendor_name" : "Juniper Networks"
}
]
}
},
"credit": [
"credit" : [
{
"lang": "eng",
"value": "Internet2"
"lang" : "eng",
"value" : "Internet2"
},
{
"lang": "eng",
"value": "The Indiana University GlobalNOC"
"lang" : "eng",
"value" : "The Indiana University GlobalNOC"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "Junos OS routing protocol daemon (RPD) process may crash and restart or may lead to remote code execution while processing specific BGP NOTIFICATION messages.\nBy continuously sending crafted BGP NOTIFICATION messages, an attacker can repeatedly crash the RPD process causing a sustained Denial of Service. \n\nDue to design improvements, this issue does not affect Junos OS 16.1R1, and all subsequent releases.\n\nThis issue only affects the receiving BGP device and is non-transitive in nature. \nAffected releases are Juniper Networks Junos OS:\n15.1F5 versions starting from 15.1F5-S7 and all subsequent releases;\n15.1F6 versions starting from 15.1F6-S3 and later releases prior to 15.1F6-S10;\n15.1F7 versions\n15.1 versions starting from 15.1R5 and later releases, including the Service Releases based on 15.1R5 and on 15.1R6 prior to 15.1R6-S6 and 15.1R7;"
"lang" : "eng",
"value" : "Junos OS routing protocol daemon (RPD) process may crash and restart or may lead to remote code execution while processing specific BGP NOTIFICATION messages. By continuously sending crafted BGP NOTIFICATION messages, an attacker can repeatedly crash the RPD process causing a sustained Denial of Service. Due to design improvements, this issue does not affect Junos OS 16.1R1, and all subsequent releases. This issue only affects the receiving BGP device and is non-transitive in nature. Affected releases are Juniper Networks Junos OS: 15.1F5 versions starting from 15.1F5-S7 and all subsequent releases; 15.1F6 versions starting from 15.1F6-S3 and later releases prior to 15.1F6-S10; 15.1F7 versions 15.1 versions starting from 15.1R5 and later releases, including the Service Releases based on 15.1R5 and on 15.1R6 prior to 15.1R6-S6 and 15.1R7;"
}
]
},
"exploit": [
"exploit" : [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
"lang" : "eng",
"value" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 9.8,
"baseSeverity" : "CRITICAL",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "HIGH",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Denial of Service"
"lang" : "eng",
"value" : "Denial of Service"
}
]
},
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Remote Code Execution"
"lang" : "eng",
"value" : "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "https://kb.juniper.net/JSA10871",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10871"
"name" : "https://kb.juniper.net/JSA10871",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/JSA10871"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 15.1F6-S10, 15.1R6-S6, 15.1R7 and all subsequent releases.\nThis fix has been proactively committed into Junos OS 15.1X53-D67, 16.1R3-S8, 16.1R4-S8, 16.1R5-S4, 16.1R6-S3, 16.1R7, 16.2R1-S6, 16.2R2-S5, 16.2R3, 17.1R1-S7, 17.1R2-S6, 17.1R3, 17.2R1-S5, 17.2R2-S3, 17.2R3, 17.2X75-D100, 17.2X75-D110, 17.3R1-S4, 17.3R2-S1, 17.3R3, 17.4R1-S2, 17.4R2, 18.1R2, 18.2R1, 18.2X75-D5 and all subsequent releases.\n\n\n"
"lang" : "eng",
"value" : "The following software releases have been updated to resolve this specific issue: 15.1F6-S10, 15.1R6-S6, 15.1R7 and all subsequent releases.\nThis fix has been proactively committed into Junos OS 15.1X53-D67, 16.1R3-S8, 16.1R4-S8, 16.1R5-S4, 16.1R6-S3, 16.1R7, 16.2R1-S6, 16.2R2-S5, 16.2R3, 17.1R1-S7, 17.1R2-S6, 17.1R3, 17.2R1-S5, 17.2R2-S3, 17.2R3, 17.2X75-D100, 17.2X75-D110, 17.3R1-S4, 17.3R2-S1, 17.3R3, 17.4R1-S2, 17.4R2, 18.1R2, 18.2R1, 18.2X75-D5 and all subsequent releases.\n\n\n"
}
],
"source": {
"advisory": "JSA10871",
"defect": [
"source" : {
"advisory" : "JSA10871",
"defect" : [
"1340689"
],
"discovery": "USER"
"discovery" : "USER"
},
"work_around": [
"work_around" : [
{
"lang": "eng",
"value": "While there are no known workarounds for this issue, the risk associated with this issue can be mitigated by limiting the BGP connection only from trusted peers.\n\n"
"lang" : "eng",
"value" : "While there are no known workarounds for this issue, the risk associated with this issue can be mitigated by limiting the BGP connection only from trusted peers.\n\n"
}
]
}
}
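Review bot: Flattening the `description` value onto one line runs two entries of the affected-release list together: the new text reads `15.1F7 versions 15.1 versions starting from 15.1R5`, because the old 15.1F7 line ended in a newline rather than a semicolon. A reader or a text-matching tool can no longer tell where the 15.1F7 entry ends, which matters when deciding whether a given release needs the fix. Keeping a separator when the newlines are replaced would preserve the list, e.g. `15.1F7 versions; 15.1 versions starting from 15.1R5`. The entry `"version_value" : "15.1F6-S10 "` also keeps a trailing space that an exact version comparison would trip over.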


@ -1,106 +1,106 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2018-07-11T16:00:00.000Z",
"ID": "CVE-2018-0038",
"STATE": "PUBLIC",
"TITLE": "Contrail Service Orchestration: Hardcoded credentials for Cassandra service"
"CVE_data_meta" : {
"ASSIGNER" : "sirt@juniper.net",
"DATE_PUBLIC" : "2018-07-11T16:00:00.000Z",
"ID" : "CVE-2018-0038",
"STATE" : "PUBLIC",
"TITLE" : "Contrail Service Orchestration: Hardcoded credentials for Cassandra service"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Contrail Service Orchestration",
"version": {
"version_data": [
"product_name" : "Contrail Service Orchestration",
"version" : {
"version_data" : [
{
"affected": "<",
"version_value": "3.3.0"
"affected" : "<",
"version_value" : "3.3.0"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
"vendor_name" : "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "Contrail Service Orchestration releases prior to 3.3.0 have Cassandra service enabled by default with hardcoded credentials. These credentials allow network based attackers unauthorized access to information stored in Cassandra."
"lang" : "eng",
"value" : "Juniper Networks Contrail Service Orchestration releases prior to 3.3.0 have Cassandra service enabled by default with hardcoded credentials. These credentials allow network based attackers unauthorized access to information stored in Cassandra."
}
]
},
"exploit": [
"exploit" : [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
"lang" : "eng",
"value" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 9.8,
"baseSeverity" : "CRITICAL",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "HIGH",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "CWE-798: Use of Hard-coded Credentials"
"lang" : "eng",
"value" : "CWE-798: Use of Hard-coded Credentials"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "https://kb.juniper.net/JSA10872",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10872"
"name" : "https://kb.juniper.net/JSA10872",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/JSA10872"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": "This issue is fixed in Contrail Service Orchestration 3.3.0 and subsequent releases."
"lang" : "eng",
"value" : "This issue is fixed in Contrail Service Orchestration 3.3.0 and subsequent releases."
}
],
"source": {
"advisory": "JSA10872",
"defect": [
"source" : {
"advisory" : "JSA10872",
"defect" : [
"CXU-5666"
],
"discovery": "INTERNAL"
"discovery" : "INTERNAL"
},
"work_around": [
"work_around" : [
{
"lang": "eng",
"value": "Limit access to the CSO environment to only trusted networks and hosts."
"lang" : "eng",
"value" : "Limit access to the CSO environment to only trusted networks and hosts."
}
]
}
}


@ -1,114 +1,114 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2018-07-11T16:00:00.000Z",
"ID": "CVE-2018-0039",
"STATE": "PUBLIC",
"TITLE": "Contrail Service Orchestration: Hardcoded credentials for Grafana service"
"CVE_data_meta" : {
"ASSIGNER" : "sirt@juniper.net",
"DATE_PUBLIC" : "2018-07-11T16:00:00.000Z",
"ID" : "CVE-2018-0039",
"STATE" : "PUBLIC",
"TITLE" : "Contrail Service Orchestration: Hardcoded credentials for Grafana service"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Contrail Service Orchestration",
"version": {
"version_data": [
"product_name" : "Contrail Service Orchestration",
"version" : {
"version_data" : [
{
"affected": "<",
"version_value": "4.0.0"
"affected" : "<",
"version_value" : "4.0.0"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
"vendor_name" : "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "Contrail Service Orchestration releases prior to 4.0.0 have Grafana service enabled by default with hardcoded credentials. These credentials allow network based attackers unauthorized access to information stored in Grafana or exploit other weaknesses or vulnerabilities in Grafana."
"lang" : "eng",
"value" : "Juniper Networks Contrail Service Orchestration releases prior to 4.0.0 have Grafana service enabled by default with hardcoded credentials. These credentials allow network based attackers unauthorized access to information stored in Grafana or exploit other weaknesses or vulnerabilities in Grafana."
}
]
},
"exploit": [
"exploit" : [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
"lang" : "eng",
"value" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "NONE",
"baseScore" : 6.5,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "LOW",
"integrityImpact" : "LOW",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "CWE-798: Use of Hard-coded Credentials"
"lang" : "eng",
"value" : "CWE-798: Use of Hard-coded Credentials"
}
]
},
{
"description": [
"description" : [
{
"lang": "eng",
"value": "CWE-561: Dead Code"
"lang" : "eng",
"value" : "CWE-561: Dead Code"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "https://kb.juniper.net/JSA10872",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10872"
"name" : "https://kb.juniper.net/JSA10872",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/JSA10872"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": "This issue is fixed in Contrail Service Orchestration 4.0.0 and subsequent releases."
"lang" : "eng",
"value" : "This issue is fixed in Contrail Service Orchestration 4.0.0 and subsequent releases."
}
],
"source": {
"advisory": "JSA10872",
"defect": [
"source" : {
"advisory" : "JSA10872",
"defect" : [
"CXU-5678"
],
"discovery": "INTERNAL"
"discovery" : "INTERNAL"
},
"work_around": [
"work_around" : [
{
"lang": "eng",
"value": "Limit access to the CSO environment to only trusted networks and hosts. Disable Grafana service as it is not required by CSO."
"lang" : "eng",
"value" : "Limit access to the CSO environment to only trusted networks and hosts. Disable Grafana service as it is not required by CSO."
}
]
}
}


@ -1,106 +1,106 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2018-07-11T16:00:00.000Z",
"ID": "CVE-2018-0040",
"STATE": "PUBLIC",
"TITLE": "Contrail Service Orchestration: hardcoded cryptographic certificates and keys"
"CVE_data_meta" : {
"ASSIGNER" : "sirt@juniper.net",
"DATE_PUBLIC" : "2018-07-11T16:00:00.000Z",
"ID" : "CVE-2018-0040",
"STATE" : "PUBLIC",
"TITLE" : "Contrail Service Orchestration: hardcoded cryptographic certificates and keys"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Contrail Service Orchestration",
"version": {
"version_data": [
"product_name" : "Contrail Service Orchestration",
"version" : {
"version_data" : [
{
"affected": "<",
"version_value": "4.0.0"
"affected" : "<",
"version_value" : "4.0.0"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
"vendor_name" : "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "Contrail Service Orchestrator versions prior to 4.0.0 use hardcoded cryptographic certificates and keys in some cases, which may allow network based attackers to gain unauthorized access to services."
"lang" : "eng",
"value" : "Juniper Networks Contrail Service Orchestrator versions prior to 4.0.0 use hardcoded cryptographic certificates and keys in some cases, which may allow network based attackers to gain unauthorized access to services."
}
]
},
"exploit": [
"exploit" : [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
"lang" : "eng",
"value" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 9.8,
"baseSeverity" : "CRITICAL",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "HIGH",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "CWE-321: Use of Hard-coded Cryptographic Key"
"lang" : "eng",
"value" : "CWE-321: Use of Hard-coded Cryptographic Key"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "https://kb.juniper.net/JSA10872",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10872"
"name" : "https://kb.juniper.net/JSA10872",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/JSA10872"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": "This issue is fixed in Contrail Service Orchestration 4.0.0 and subsequent releases."
"lang" : "eng",
"value" : "This issue is fixed in Contrail Service Orchestration 4.0.0 and subsequent releases."
}
],
"source": {
"advisory": "JSA10872",
"defect": [
"source" : {
"advisory" : "JSA10872",
"defect" : [
"CXU-5933"
],
"discovery": "INTERNAL"
"discovery" : "INTERNAL"
},
"work_around": [
"work_around" : [
{
"lang": "eng",
"value": "Limit access to the CSO environment to only trusted networks and hosts."
"lang" : "eng",
"value" : "Limit access to the CSO environment to only trusted networks and hosts."
}
]
}
}


@ -1,106 +1,106 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2018-07-11T16:00:00.000Z",
"ID": "CVE-2018-0041",
"STATE": "PUBLIC",
"TITLE": "Contrail Service Orchestration: Hardcoded credentials for Keystone service."
"CVE_data_meta" : {
"ASSIGNER" : "sirt@juniper.net",
"DATE_PUBLIC" : "2018-07-11T16:00:00.000Z",
"ID" : "CVE-2018-0041",
"STATE" : "PUBLIC",
"TITLE" : "Contrail Service Orchestration: Hardcoded credentials for Keystone service."
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Contrail Service Orchestration",
"version": {
"version_data": [
"product_name" : "Contrail Service Orchestration",
"version" : {
"version_data" : [
{
"affected": "<",
"version_value": "3.3.0"
"affected" : "<",
"version_value" : "3.3.0"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
"vendor_name" : "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "Contrail Service Orchestration releases prior to 3.3.0 use hardcoded credentials to access Keystone service. These credentials allow network based attackers unauthorized access to information stored in keystone."
"lang" : "eng",
"value" : "Juniper Networks Contrail Service Orchestration releases prior to 3.3.0 use hardcoded credentials to access Keystone service. These credentials allow network based attackers unauthorized access to information stored in keystone."
}
]
},
"exploit": [
"exploit" : [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
"lang" : "eng",
"value" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 9.8,
"baseSeverity" : "CRITICAL",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "HIGH",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "CWE-798: Use of Hard-coded Credentials."
"lang" : "eng",
"value" : "CWE-798: Use of Hard-coded Credentials."
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "https://kb.juniper.net/JSA10872",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10872"
"name" : "https://kb.juniper.net/JSA10872",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/JSA10872"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": "This issue is fixed in Contrail Service Orchestration 3.3.0 and subsequent releases."
"lang" : "eng",
"value" : "This issue is fixed in Contrail Service Orchestration 3.3.0 and subsequent releases."
}
],
"source": {
"advisory": "JSA10872",
"defect": [
"source" : {
"advisory" : "JSA10872",
"defect" : [
"CXU-5819"
],
"discovery": "INTERNAL"
"discovery" : "INTERNAL"
},
"work_around": [
"work_around" : [
{
"lang": "eng",
"value": "Limit access to the CSO environment to only trusted networks and hosts."
"lang" : "eng",
"value" : "Limit access to the CSO environment to only trusted networks and hosts."
}
]
}
}
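Review bot: The `problemtype` value `"CWE-798: Use of Hard-coded Credentials."` carries a trailing period, while CVE-2018-0038 and CVE-2018-0039 in this same commit use `"CWE-798: Use of Hard-coded Credentials"`; the sync rewrites the description but leaves this string as it was. Tools that bucket records by the exact CWE string will split one weakness class into two. Suggest `"value" : "CWE-798: Use of Hard-coded Credentials"`. The `TITLE` field has the same stray trailing period.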


@ -1,106 +1,106 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2018-07-11T16:00:00.000Z",
"ID": "CVE-2018-0042",
"STATE": "PUBLIC",
"TITLE": "Contrail Service Orchestration: Passwords logged in log files."
"CVE_data_meta" : {
"ASSIGNER" : "sirt@juniper.net",
"DATE_PUBLIC" : "2018-07-11T16:00:00.000Z",
"ID" : "CVE-2018-0042",
"STATE" : "PUBLIC",
"TITLE" : "Contrail Service Orchestration: Passwords logged in log files."
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Contrail Service Orchestration",
"version": {
"version_data": [
"product_name" : "Contrail Service Orchestration",
"version" : {
"version_data" : [
{
"affected": "<",
"version_value": "4.0.0"
"affected" : "<",
"version_value" : "4.0.0"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
"vendor_name" : "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "CSO versions prior to 4.0.0 may log passwords in log files leading to an information disclosure vulnerability."
"lang" : "eng",
"value" : "Juniper Networks CSO versions prior to 4.0.0 may log passwords in log files leading to an information disclosure vulnerability."
}
]
},
"exploit": [
"exploit" : [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
"lang" : "eng",
"value" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "LOCAL",
"availabilityImpact" : "LOW",
"baseScore" : 5.9,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "LOW",
"integrityImpact" : "LOW",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Information disclosure."
"lang" : "eng",
"value" : "Information disclosure."
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "https://kb.juniper.net/JSA10872",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10872"
"name" : "https://kb.juniper.net/JSA10872",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/JSA10872"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": "This issue is fixed in Contrail Service Orchestration 4.0.0 and subsequent releases."
"lang" : "eng",
"value" : "This issue is fixed in Contrail Service Orchestration 4.0.0 and subsequent releases."
}
],
"source": {
"advisory": "JSA10872",
"defect": [
"source" : {
"advisory" : "JSA10872",
"defect" : [
"CXU-23803"
],
"discovery": "USER"
"discovery" : "USER"
},
"work_around": [
"work_around" : [
{
"lang": "eng",
"value": "Limit access to the CSO environment to only trusted networks and hosts."
"lang" : "eng",
"value" : "Limit access to the CSO environment to only trusted networks and hosts."
}
]
}
}