ID

VAR-201804-0665


CVE

CVE-2018-0018


TITLE

Juniper Networks Junos OS vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2018-004213

DESCRIPTION

On SRX Series devices, during compilation of IDP policies, an attacker sending specially crafted packets may be able to bypass firewall rules, leading to information disclosure which an attacker may use to gain control of the target device or other internal devices, systems or services protected by the SRX Series device. This issue only applies to devices where IDP policies are applied to one or more rules. Customers not using IDP policies are not affected. Depending on whether IDP updates are automatic, as well as the interval between available updates, an attacker may have more or less success in performing reconnaissance or bypass attacks on the victim SRX Series device or protected devices. ScreenOS with IDP is not vulnerable to this issue. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D60 on SRX; 12.3X48 versions prior to 12.3X48-D35 on SRX; 15.1X49 versions prior to 15.1X49-D60 on SRX.

Juniper Networks Junos OS contains an information disclosure vulnerability. Information may be obtained.

Juniper Junos is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks.

Juniper SRX Series is a series of gateway devices from Juniper Networks. Junos OS is the operating system used on them. The operating system provides a secure programming interface and Junos SDK

Trust: 2.07

sources: NVD: CVE-2018-0018 // JVNDB: JVNDB-2018-004213 // BID: 103748 // VULHUB: VHN-118220 // VULMON: CVE-2018-0018

AFFECTED PRODUCTS

vendor: juniper, model: junos, scope: eq, version: 15.1x49

Trust: 1.9

vendor: juniper, model: junos, scope: eq, version: 12.3x48

Trust: 1.9

vendor: juniper, model: junos, scope: eq, version: 12.1x46

Trust: 1.3

vendor: juniper, model: junos os, scope: -, version: -

Trust: 0.8

vendor: juniper, model: srx series, scope: eq, version: 0

Trust: 0.3

vendor: juniper, model: junos 15.1x49-d60, scope: ne, version: -

Trust: 0.3

vendor: juniper, model: junos 12.3x48-d35, scope: ne, version: -

Trust: 0.3

vendor: juniper, model: junos 12.1x46-d60, scope: ne, version: -

Trust: 0.3

sources: BID: 103748 // JVNDB: JVNDB-2018-004213 // CNNVD: CNNVD-201804-517 // NVD: CVE-2018-0018

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0018
value: MEDIUM

Trust: 1.0

sirt@juniper.net: CVE-2018-0018
value: HIGH

Trust: 1.0

NVD: CVE-2018-0018
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201804-517
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118220
value: MEDIUM

Trust: 0.1

VULMON: CVE-2018-0018
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0018
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-118220
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0018
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.0

Trust: 1.8

sirt@juniper.net: CVE-2018-0018
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 4.7
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-118220 // VULMON: CVE-2018-0018 // JVNDB: JVNDB-2018-004213 // CNNVD: CNNVD-201804-517 // NVD: CVE-2018-0018 // NVD: CVE-2018-0018

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-118220 // JVNDB: JVNDB-2018-004213 // NVD: CVE-2018-0018

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201804-517

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201804-517

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-004213

PATCH

title: JSA10846, url: https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10846&actp=METADATA

Trust: 0.8

title: Juniper SRX Series equipment Junos OS Repair measures for information disclosure vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83283

Trust: 0.6

sources: JVNDB: JVNDB-2018-004213 // CNNVD: CNNVD-201804-517

EXTERNAL IDS

db: NVD, id: CVE-2018-0018

Trust: 2.9

db: BID, id: 103748

Trust: 2.1

db: JUNIPER, id: JSA10846

Trust: 2.1

db: SECTRACK, id: 1040786

Trust: 1.8

db: JVNDB, id: JVNDB-2018-004213

Trust: 0.8

db: CNNVD, id: CNNVD-201804-517

Trust: 0.6

db: VULHUB, id: VHN-118220

Trust: 0.1

db: VULMON, id: CVE-2018-0018

Trust: 0.1

sources: VULHUB: VHN-118220 // VULMON: CVE-2018-0018 // BID: 103748 // JVNDB: JVNDB-2018-004213 // CNNVD: CNNVD-201804-517 // NVD: CVE-2018-0018

REFERENCES

url:http://www.securityfocus.com/bid/103748

Trust: 1.9

url:https://kb.juniper.net/jsa10846

Trust: 1.8

url:http://www.securitytracker.com/id/1040786

Trust: 1.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0018

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-0018

Trust: 0.8

url:http://www.juniper.net/

Trust: 0.3

url:http://www.juniper.net/us/en/products-services/nos/junos/

Trust: 0.3

url:https://kb.juniper.net/infocenter/index?page=content&id=jsa10846&cat=sirt_1&actp=list

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/200.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-118220 // VULMON: CVE-2018-0018 // BID: 103748 // JVNDB: JVNDB-2018-004213 // CNNVD: CNNVD-201804-517 // NVD: CVE-2018-0018

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 103748

SOURCES

db: VULHUB, id: VHN-118220
db: VULMON, id: CVE-2018-0018
db: BID, id: 103748
db: JVNDB, id: JVNDB-2018-004213
db: CNNVD, id: CNNVD-201804-517
db: NVD, id: CVE-2018-0018

LAST UPDATE DATE

2024-08-14T15:02:43.672000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-118220, date: 2019-10-09T00:00:00
db: VULMON, id: CVE-2018-0018, date: 2019-10-09T00:00:00
db: BID, id: 103748, date: 2018-04-11T00:00:00
db: JVNDB, id: JVNDB-2018-004213, date: 2018-06-14T00:00:00
db: CNNVD, id: CNNVD-201804-517, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2018-0018, date: 2019-10-09T23:30:58.643

SOURCES RELEASE DATE

db: VULHUB, id: VHN-118220, date: 2018-04-11T00:00:00
db: VULMON, id: CVE-2018-0018, date: 2018-04-11T00:00:00
db: BID, id: 103748, date: 2018-04-11T00:00:00
db: JVNDB, id: JVNDB-2018-004213, date: 2018-06-14T00:00:00
db: CNNVD, id: CNNVD-201804-517, date: 2018-04-11T00:00:00
db: NVD, id: CVE-2018-0018, date: 2018-04-11T19:29:00.387