ID

VAR-201801-1069


CVE

CVE-2018-0001


TITLE

Juniper Networks Junos OS use-after-free vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-001734

DESCRIPTION

A remote, unauthenticated attacker may be able to execute code by exploiting a use-after-free defect found in older versions of PHP through injection of crafted data via specific PHP URLs within the context of the J-Web process. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D67; 12.3 versions prior to 12.3R12-S5; 12.3X48 versions prior to 12.3X48-D35; 14.1 versions prior to 14.1R8-S5, 14.1R9; 14.1X53 versions prior to 14.1X53-D44, 14.1X53-D50; 14.2 versions prior to 14.2R7-S7, 14.2R8; 15.1 versions prior to 15.1R3; 15.1X49 versions prior to 15.1X49-D30; 15.1X53 versions prior to 15.1X53-D70. Juniper Networks Junos OS contains a use-after-free vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Juniper Junos is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely cause a denial-of-service condition. Juniper Junos OS is a network operating system from Juniper Networks dedicated to the company's hardware systems. The operating system provides a secure programming interface and Junos SDK

Trust: 2.07

sources: NVD: CVE-2018-0001 // JVNDB: JVNDB-2018-001734 // BID: 103092 // VULHUB: VHN-118203 // VULMON: CVE-2018-0001

AFFECTED PRODUCTS

vendor: juniper, model: junos, scope: eq, version: 12.1x46 (Trust: 2.0)
vendor: juniper, model: junos, scope: eq, version: 12.3x48 (Trust: 1.4)
vendor: juniper, model: junos, scope: eq, version: 12.3 (Trust: 1.1)
vendor: juniper, model: junos, scope: eq, version: 14.1 (Trust: 1.1)
vendor: juniper, model: junos, scope: eq, version: 14.1x53 (Trust: 1.1)
vendor: juniper, model: junos, scope: eq, version: 14.2 (Trust: 1.1)
vendor: juniper, model: junos, scope: eq, version: 15.1 (Trust: 1.1)
vendor: juniper, model: junos, scope: eq, version: 15.1x49 (Trust: 1.1)
vendor: juniper, model: junos, scope: eq, version: 15.1x53 (Trust: 1.1)
vendor: juniper, model: junos os, scope: eq, version: 14.1r8-s5 (Trust: 0.8)
vendor: juniper, model: junos os, scope: eq, version: 12.1x46-d67 (Trust: 0.8)
vendor: juniper, model: junos os, scope: lt, version: 12.3x48 (Trust: 0.8)
vendor: juniper, model: junos os, scope: eq, version: 15.1x53-d70 (Trust: 0.8)
vendor: juniper, model: junos os, scope: eq, version: 14.1x53-d50 (Trust: 0.8)
vendor: juniper, model: junos os, scope: lt, version: 12.3 (Trust: 0.8)
vendor: juniper, model: junos os, scope: lt, version: 14.2 (Trust: 0.8)
vendor: juniper, model: junos os, scope: eq, version: 12.3x48-d35 (Trust: 0.8)
vendor: juniper, model: junos os, scope: eq, version: 14.2r7-s7 (Trust: 0.8)
vendor: juniper, model: junos os, scope: lt, version: 14.1x53 (Trust: 0.8)
vendor: juniper, model: junos os, scope: lt, version: 14.1 (Trust: 0.8)
vendor: juniper, model: junos os, scope: eq, version: 14.2r8 (Trust: 0.8)
vendor: juniper, model: junos os, scope: eq, version: 12.3r12-s5 (Trust: 0.8)
vendor: juniper, model: junos os, scope: lt, version: 12.1x46 (Trust: 0.8)
vendor: juniper, model: junos os, scope: eq, version: 15.1x49-d30 (Trust: 0.8)
vendor: juniper, model: junos os, scope: eq, version: 14.1x53-d44 (Trust: 0.8)
vendor: juniper, model: junos os, scope: lt, version: 15.1x49 (Trust: 0.8)
vendor: juniper, model: junos os, scope: lt, version: 15.1x53 (Trust: 0.8)
vendor: juniper, model: junos os, scope: lt, version: 15.1 (Trust: 0.8)
vendor: juniper, model: junos os, scope: eq, version: 14.1r9 (Trust: 0.8)
vendor: juniper, model: junos os, scope: eq, version: 15.1r3 (Trust: 0.8)
vendor: juniper, model: junos 15.1x53-d64, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos 15.1x53-d63, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos 15.1x53-d62, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos 15.1x53-d60, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos 15.1x53-d57, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos 15.1x53-d48, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos 15.1x53-d47, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos 15.1x53-d40, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos 15.1x53-d35, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos 15.1x53-d30, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos 15.1x49-d20, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos 15.1x49-d15, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos 15.1x49-d10, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos 15.1r2, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos 15.1r1, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos 14.2r7-s6, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos 14.2r7-s5, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos 14.2r7, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos 14.2r6, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos 14.2r5, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos 14.2r4, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos 14.2r3, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos 14.2r2, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos 14.2r1, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos 14.1x53-d42, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos 14.1x53-d40, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos 14.1x53-d35, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos 14.1x53-d30, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos 14.1x53-d28, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos 14.1x53-d26, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos 14.1x53-d25, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos 14.1x53-d20, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos 14.1x53-d18, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos 14.1x53-d16, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos 14.1x53-d122, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos 14.1x53-d12, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos 14.1x53-d10, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos 14.1r8-s4, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos 14.1r8-s3, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos 14.1r8, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos 14.1r7, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos 14.1r5, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos 14.1r4, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos 14.1r3, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos 14.1r2, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos 14.1r1, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos 12.3x48-d30.7, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos 12.3x48-d30, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos 12.3x48-d25, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos 12.3x48-d20, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos 12.3x48-d15, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos 12.3x48-d10, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos 12.3r12.4, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos 12.3r12-s4, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos 12.3r12-s2, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos 12.3r12, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos 12.1x46-d66, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos 12.1x46-d65, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos 12.1x46-d60, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos 12.1x46-d55, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos 12.1x46-d51, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos 12.1x46-d50, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos 12.1x46-d46, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos 12.1x46-d45, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos 12.1x46-d40, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos 12.1x46-d37, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos 12.1x46-d36, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos 12.1x46-d35, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos 12.1x46-d30, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos 12.1x46-d26, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos 12.1x46-d25, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos 12.1x46-d20.5, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos 12.1x46-d20, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos 12.1x46-d15, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos 12.1x46-d10, scope: -, version: - (Trust: 0.3)
vendor: juniper, model: junos d25, scope: eq, version: 12.1x46 (Trust: 0.3)
vendor: juniper, model: junos d20, scope: eq, version: 12.1x46 (Trust: 0.3)
vendor: juniper, model: junos d15, scope: eq, version: 12.1x46 (Trust: 0.3)
vendor: juniper, model: junos d10, scope: eq, version: 12.1x46 (Trust: 0.3)
vendor: juniper, model: junos -d10, scope: eq, version: 12.1x46 (Trust: 0.3)
vendor: juniper, model: junos 15.1x53-d70, scope: ne, version: - (Trust: 0.3)
vendor: juniper, model: junos 15.1x49-d30, scope: ne, version: - (Trust: 0.3)
vendor: juniper, model: junos 15.1r3, scope: ne, version: - (Trust: 0.3)
vendor: juniper, model: junos 14.2r8, scope: ne, version: - (Trust: 0.3)
vendor: juniper, model: junos 14.2r7-s7, scope: ne, version: - (Trust: 0.3)
vendor: juniper, model: junos 14.1x53-d50, scope: ne, version: - (Trust: 0.3)
vendor: juniper, model: junos 14.1x53-d44, scope: ne, version: - (Trust: 0.3)
vendor: juniper, model: junos 14.1r9, scope: ne, version: - (Trust: 0.3)
vendor: juniper, model: junos 14.1r8-s5, scope: ne, version: - (Trust: 0.3)
vendor: juniper, model: junos 12.3x48-d35, scope: ne, version: - (Trust: 0.3)
vendor: juniper, model: junos 12.3r12-s5, scope: ne, version: - (Trust: 0.3)
vendor: juniper, model: junos 12.1x46-d67, scope: ne, version: - (Trust: 0.3)

sources: VULMON: CVE-2018-0001 // BID: 103092 // JVNDB: JVNDB-2018-001734 // CNNVD: CNNVD-201711-867 // NVD: CVE-2018-0001

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0001
value: CRITICAL

Trust: 1.0

sirt@juniper.net: CVE-2018-0001
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-0001
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201711-867
value: HIGH

Trust: 0.6

VULHUB: VHN-118203
value: HIGH

Trust: 0.1

VULMON: CVE-2018-0001
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-0001
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-118203
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0001
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 2.8

sources: VULHUB: VHN-118203 // VULMON: CVE-2018-0001 // JVNDB: JVNDB-2018-001734 // CNNVD: CNNVD-201711-867 // NVD: CVE-2018-0001 // NVD: CVE-2018-0001

PROBLEMTYPE DATA

problemtype:CWE-416

Trust: 1.9

sources: VULHUB: VHN-118203 // JVNDB: JVNDB-2018-001734 // NVD: CVE-2018-0001

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-867

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201711-867

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-001734

PATCH

title: JSA10828, url: https://kb.juniper.net/JSA10828

Trust: 0.8

title: wsusscn2cli, url: https://github.com/hashauthority/wsusscn2cli

Trust: 0.1

title: Kampai, url: https://github.com/becrevex/Kampai

Trust: 0.1

title: AICScripts, url: https://github.com/becrevex/AICScripts

Trust: 0.1

title: fabric8-analytics-data-model, url: https://github.com/fabric8-analytics/fabric8-analytics-data-model

Trust: 0.1

sources: VULMON: CVE-2018-0001 // JVNDB: JVNDB-2018-001734

EXTERNAL IDS

db: NVD, id: CVE-2018-0001

Trust: 2.9

db: JUNIPER, id: JSA10828

Trust: 2.1

db: BID, id: 103092

Trust: 1.5

db: SECTRACK, id: 1040180

Trust: 1.2

db: JVNDB, id: JVNDB-2018-001734

Trust: 0.8

db: CNNVD, id: CNNVD-201711-867

Trust: 0.7

db: VULHUB, id: VHN-118203

Trust: 0.1

db: VULMON, id: CVE-2018-0001

Trust: 0.1

sources: VULHUB: VHN-118203 // VULMON: CVE-2018-0001 // BID: 103092 // JVNDB: JVNDB-2018-001734 // CNNVD: CNNVD-201711-867 // NVD: CVE-2018-0001

REFERENCES

url:https://kb.juniper.net/jsa10828

Trust: 1.8

url:http://www.securityfocus.com/bid/103092

Trust: 1.2

url:http://www.securitytracker.com/id/1040180

Trust: 1.2

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0001

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-0001

Trust: 0.8

url:http://www.juniper.net/

Trust: 0.3

url:https://kb.juniper.net/infocenter/index?page=content&id=jsa10828

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/416.html

Trust: 0.1

url:https://www.rapid7.com/db/vulnerabilities/juniper-junos-os-jsa10828

Trust: 0.1

url:https://tools.cisco.com/security/center/viewalert.x?alertid=56470

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/becrevex/kampai

Trust: 0.1

sources: VULHUB: VHN-118203 // VULMON: CVE-2018-0001 // BID: 103092 // JVNDB: JVNDB-2018-001734 // CNNVD: CNNVD-201711-867 // NVD: CVE-2018-0001

CREDITS

Cure53

Trust: 0.3

sources: BID: 103092

SOURCES

db: VULHUB, id: VHN-118203
db: VULMON, id: CVE-2018-0001
db: BID, id: 103092
db: JVNDB, id: JVNDB-2018-001734
db: CNNVD, id: CNNVD-201711-867
db: NVD, id: CVE-2018-0001

LAST UPDATE DATE

2024-08-14T15:13:19.515000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-118203, date: 2018-02-23T00:00:00
db: VULMON, id: CVE-2018-0001, date: 2018-02-23T00:00:00
db: BID, id: 103092, date: 2018-02-21T00:00:00
db: JVNDB, id: JVNDB-2018-001734, date: 2018-03-05T00:00:00
db: CNNVD, id: CNNVD-201711-867, date: 2018-01-12T00:00:00
db: NVD, id: CVE-2018-0001, date: 2018-02-23T02:29:02.140

SOURCES RELEASE DATE

db: VULHUB, id: VHN-118203, date: 2018-01-10T00:00:00
db: VULMON, id: CVE-2018-0001, date: 2018-01-10T00:00:00
db: BID, id: 103092, date: 2018-02-21T00:00:00
db: JVNDB, id: JVNDB-2018-001734, date: 2018-03-05T00:00:00
db: CNNVD, id: CNNVD-201711-867, date: 2017-11-21T00:00:00
db: NVD, id: CVE-2018-0001, date: 2018-01-10T22:29:00.930