Sign-up

ID

VAR-201801-1084


CVE

CVE-2018-0014


TITLE

Juniper Networks ScreenOS Information disclosure vulnerability in devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-001409

DESCRIPTION

Juniper Networks ScreenOS devices do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets. This issue is often detected as CVE-2003-0001. The issue affects all versions of Juniper Networks ScreenOS prior to 6.3.0r25. Juniper Networks ScreenOS The device contains an information disclosure vulnerability. This vulnerability CVE-2003-0001 And related issues.Information may be obtained. Juniper ScreenOS is an operating system of Juniper Networks that runs on NetScreen series firewalls. There is a security vulnerability in Juniper ScreenOS 6.3.0r25, the vulnerability is caused by the program not filling the Ethernet packet with zero

Trust: 1.71

sources: NVD: CVE-2018-0014 // JVNDB: JVNDB-2018-001409 // VULHUB: VHN-118216

AFFECTED PRODUCTS

vendor:junipermodel:screenosscope:eqversion:6.3.0r25

Trust: 1.6

vendor:junipermodel:screenosscope:eqversion:6.3.0r19

Trust: 1.6

vendor:junipermodel:screenosscope:eqversion:6.3.0r20

Trust: 1.6

vendor:junipermodel:screenosscope:eqversion:6.3.0r24

Trust: 1.6

vendor:junipermodel:screenosscope:eqversion:6.3.0r17

Trust: 1.6

vendor:junipermodel:screenosscope:eqversion:6.3.0r8

Trust: 1.0

vendor:junipermodel:screenosscope:eqversion:6.3.0r2

Trust: 1.0

vendor:junipermodel:screenosscope:eqversion:6.3.0r15

Trust: 1.0

vendor:junipermodel:screenosscope:eqversion:6.3.0r3

Trust: 1.0

vendor:junipermodel:screenosscope:eqversion:6.3.0r18

Trust: 1.0

vendor:junipermodel:screenosscope:eqversion:6.3.0r13

Trust: 1.0

vendor:junipermodel:screenosscope:eqversion:6.3.0r12

Trust: 1.0

vendor:junipermodel:screenosscope:eqversion:6.3.0r5

Trust: 1.0

vendor:junipermodel:screenosscope:eqversion:6.3.0r11

Trust: 1.0

vendor:junipermodel:screenosscope:eqversion:6.3.0r10

Trust: 1.0

vendor:junipermodel:screenosscope:eqversion:6.3.0r23

Trust: 1.0

vendor:junipermodel:screenosscope:eqversion:6.3.0r6

Trust: 1.0

vendor:junipermodel:screenosscope:eqversion:6.3.0r21

Trust: 1.0

vendor:junipermodel:screenosscope:eqversion:6.3.0r22

Trust: 1.0

vendor:junipermodel:screenosscope:eqversion:6.3.0r9

Trust: 1.0

vendor:junipermodel:screenosscope:eqversion:6.3.0r14

Trust: 1.0

vendor:junipermodel:screenosscope:eqversion:6.3.0r1

Trust: 1.0

vendor:junipermodel:screenosscope:eqversion:6.3.0r16

Trust: 1.0

vendor:junipermodel:screenosscope:eqversion:6.3.0r4

Trust: 1.0

vendor:junipermodel:screenosscope:eqversion:6.3.0r7

Trust: 1.0

vendor:junipermodel:screenosscope:ltversion:6.3.0r25

Trust: 0.8

sources: JVNDB: JVNDB-2018-001409 // CNNVD: CNNVD-201801-356 // NVD: CVE-2018-0014

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0014
value: MEDIUM

Trust: 1.0

sirt@juniper.net: CVE-2018-0014
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-0014
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201801-356
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118216
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2018-0014
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118216
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0014
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sirt@juniper.net: CVE-2018-0014
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-118216 // JVNDB: JVNDB-2018-001409 // CNNVD: CNNVD-201801-356 // NVD: CVE-2018-0014 // NVD: CVE-2018-0014

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-118216 // JVNDB: JVNDB-2018-001409 // NVD: CVE-2018-0014

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201801-356

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201801-356

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-001409

PATCH
title:JSA10841url:https://kb.juniper.net/JSA10841
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-001409

EXTERNAL IDS
db:NVDid:CVE-2018-0014
Trust: 2.5
db:JUNIPERid:JSA10841
Trust: 1.7
db:SECTRACKid:1040185
Trust: 1.7
db:JVNDBid:JVNDB-2018-001409
Trust: 0.8
db:CNNVDid:CNNVD-201801-356
Trust: 0.7
db:VULHUBid:VHN-118216
Trust: 0.1
sources:
            
            
            VULHUB: VHN-118216 // 
            
            
            
            JVNDB: JVNDB-2018-001409 // 
            
            
            
            CNNVD: CNNVD-201801-356 // 
            
            
            
            NVD: CVE-2018-0014

REFERENCES
url:https://kb.juniper.net/jsa10841
Trust: 1.7
url:http://www.securitytracker.com/id/1040185
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0014
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0014
Trust: 0.8
sources:
            
            
            VULHUB: VHN-118216 // 
            
            
            
            JVNDB: JVNDB-2018-001409 // 
            
            
            
            CNNVD: CNNVD-201801-356 // 
            
            
            
            NVD: CVE-2018-0014

SOURCES
db:VULHUBid:VHN-118216
db:JVNDBid:JVNDB-2018-001409
db:CNNVDid:CNNVD-201801-356
db:NVDid:CVE-2018-0014

LAST UPDATE DATE
2024-11-23T21:44:39.864000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-118216date:2019-10-09T00:00:00
db:JVNDBid:JVNDB-2018-001409date:2018-02-14T00:00:00
db:CNNVDid:CNNVD-201801-356date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0014date:2024-11-21T03:37:21.593

SOURCES RELEASE DATE
db:VULHUBid:VHN-118216date:2018-01-10T00:00:00
db:JVNDBid:JVNDB-2018-001409date:2018-02-14T00:00:00
db:CNNVDid:CNNVD-201801-356date:2018-01-12T00:00:00
db:NVDid:CVE-2018-0014date:2018-01-10T22:29:01.463