Details of VAR-201801-1077

ID

VAR-201801-1077

CVE

CVE-2018-0009

TITLE

Juniper Networks Junos OS Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2018-001738

DESCRIPTION

On Juniper Networks SRX series devices, firewall rules configured to match custom application UUIDs starting with zeros can match all TCP traffic. Due to this issue, traffic that should have been blocked by other rules is permitted to flow through the device resulting in a firewall bypass condition. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D71 on SRX series; 12.3X48 versions prior to 12.3X48-D55 on SRX series; 15.1X49 versions prior to 15.1X49-D100 on SRX series. Juniper Networks Junos OS Contains vulnerabilities related to authorization, permissions, and access control.Information may be tampered with. Juniper Junos is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks. Juniper SRX Series is an SRX series firewall device of Juniper Networks (Juniper Networks). Junos is an operating system that runs on it

Trust: 1.98

sources: NVD: CVE-2018-0009 // JVNDB: JVNDB-2018-001738 // BID: 102491 // VULHUB: VHN-118211

AFFECTED PRODUCTS

vendor:	juniper	model:	junos	scope:	eq	version:	12.1x46	Trust: 1.9
vendor:	juniper	model:	junos	scope:	eq	version:	15.1x49	Trust: 1.3
vendor:	juniper	model:	junos	scope:	eq	version:	12.3x48	Trust: 1.3
vendor:	juniper	model:	junos os	scope:	eq	version:	15.1x49-d100	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	12.1x46-d71	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	12.3x48-d55	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	12.3x48 (srx)	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	12.1x46 (srx)	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	15.1x49 (srx)	Trust: 0.8
vendor:	juniper	model:	srx series	scope:	eq	version:	0	Trust: 0.3
vendor:	juniper	model:	junos 15.1x49-d80	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1x49-d70	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1x49-d60	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1x49-d40	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1x49-d30	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1x49-d20	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1x49-d15	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1x49-d10	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.3x48-d51	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.3x48-d50	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.3x48-d45	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.3x48-d40	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.3x48-d35	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.3x48-d30	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.3x48-d25	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.3x48-d20	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.3x48-d15	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.3x48-d10	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x46-d67	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x46-d66	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x46-d65	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x46-d60	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x46-d55	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x46-d51	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x46-d50	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x46-d46	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x46-d45	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x46-d40	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x46-d37	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x46-d36	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x46-d35	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x46-d30	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x46-d26	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x46-d25	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x46-d20	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x46-d15	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x46-d10	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1x49-d100	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.3x48-d55	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x46-d71	scope:	ne	version:	-	Trust: 0.3

sources: BID: 102491 // JVNDB: JVNDB-2018-001738 // CNNVD: CNNVD-201711-910 // NVD: CVE-2018-0009

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-0009
value:	MEDIUM
Trust: 1.0
sirt@juniper.net:	CVE-2018-0009
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-0009
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201711-910
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-118211
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-0009
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-118211
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-0009
baseSeverity:	MEDIUM
baseScore:	5.9
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	2.2
impactScore:	3.6
version:	3.0
Trust: 1.8
sirt@juniper.net:	CVE-2018-0009
baseSeverity:	MEDIUM
baseScore:	5.4
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.2
impactScore:	2.7
version:	3.0
Trust: 1.0

sources: VULHUB: VHN-118211 // JVNDB: JVNDB-2018-001738 // CNNVD: CNNVD-201711-910 // NVD: CVE-2018-0009 // NVD: CVE-2018-0009

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-264	Trust: 0.9

sources: VULHUB: VHN-118211 // JVNDB: JVNDB-2018-001738 // NVD: CVE-2018-0009

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-910

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201711-910

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-001738

PATCH

title:	JSA10836	url:	https://kb.juniper.net/JSA10836	Trust: 0.8
title:	Juniper SRX series Junos OS Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=100180	Trust: 0.6

sources: JVNDB: JVNDB-2018-001738 // CNNVD: CNNVD-201711-910

EXTERNAL IDS

db:	NVD	id:	CVE-2018-0009	Trust: 2.8
db:	BID	id:	102491	Trust: 2.0
db:	JUNIPER	id:	JSA10836	Trust: 2.0
db:	SECTRACK	id:	1040187	Trust: 1.7
db:	JVNDB	id:	JVNDB-2018-001738	Trust: 0.8
db:	CNNVD	id:	CNNVD-201711-910	Trust: 0.7
db:	VULHUB	id:	VHN-118211	Trust: 0.1

sources: VULHUB: VHN-118211 // BID: 102491 // JVNDB: JVNDB-2018-001738 // CNNVD: CNNVD-201711-910 // NVD: CVE-2018-0009

REFERENCES

url:	http://www.securityfocus.com/bid/102491	Trust: 1.7
url:	https://kb.juniper.net/jsa10836	Trust: 1.7
url:	http://www.securitytracker.com/id/1040187	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0009	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0009	Trust: 0.8
url:	http://www.juniper.net/	Trust: 0.3
url:	http://www.juniper.net/us/en/products-services/nos/junos/	Trust: 0.3
url:	https://kb.juniper.net/infocenter/index?page=content&id=jsa10836&cat=sirt_1&actp=list	Trust: 0.3

sources: VULHUB: VHN-118211 // BID: 102491 // JVNDB: JVNDB-2018-001738 // CNNVD: CNNVD-201711-910 // NVD: CVE-2018-0009

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 102491

SOURCES

db:	VULHUB	id:	VHN-118211
db:	BID	id:	102491
db:	JVNDB	id:	JVNDB-2018-001738
db:	CNNVD	id:	CNNVD-201711-910
db:	NVD	id:	CVE-2018-0009

LAST UPDATE DATE

2024-08-14T15:29:06.742000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-118211	date:	2019-10-09T00:00:00
db:	BID	id:	102491	date:	2018-01-10T00:00:00
db:	JVNDB	id:	JVNDB-2018-001738	date:	2018-03-05T00:00:00
db:	CNNVD	id:	CNNVD-201711-910	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-0009	date:	2019-10-09T23:30:57.393

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-118211	date:	2018-01-10T00:00:00
db:	BID	id:	102491	date:	2018-01-10T00:00:00
db:	JVNDB	id:	JVNDB-2018-001738	date:	2018-03-05T00:00:00
db:	CNNVD	id:	CNNVD-201711-910	date:	2017-11-22T00:00:00
db:	NVD	id:	CVE-2018-0009	date:	2018-01-10T22:29:01.260