ID

VAR-201810-0066


CVE

CVE-2018-0044


TITLE

Juniper Networks Junos OS Authentication vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-013607

DESCRIPTION

An insecure SSHD configuration in Juniper Device Manager (JDM) and host OS on Juniper NFX Series devices may allow remote unauthenticated access if any of the passwords on the system are empty. The affected SSHD configuration has the PermitEmptyPasswords option set to "yes". Affected releases are Juniper Networks Junos OS: 18.1 versions prior to 18.1R4 on NFX Series. Juniper Networks Junos OS contains an authentication vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Juniper Device Manager (JDM) is one of the device management components; host OS is one of the host operating systems. A security vulnerability exists in Juniper Device Manager (JDM) and host OS on Juniper NFX Series devices. An attacker could exploit the vulnerability for unauthorized remote access. This may aid in further attacks.

Trust: 2.43

sources: NVD: CVE-2018-0044 // JVNDB: JVNDB-2018-013607 // CNVD: CNVD-2018-21799 // BID: 105565

IOT TAXONOMY

category: ['Network device'] sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-21799

AFFECTED PRODUCTS

vendor: juniper model: junos scope: gte version: 18.1r1

Trust: 1.0

vendor: juniper model: junos scope: lte version: 18.1r3

Trust: 1.0

vendor: juniper model: junos os scope: eq version: 18.1r4 (nfx series)

Trust: 0.8

vendor: juniper model: junos os scope: lt version: 18.1

Trust: 0.8

vendor: juniper model: networks juniper nfx series scope: - version: -

Trust: 0.6

vendor: juniper model: nfx scope: eq version: 0

Trust: 0.3

vendor: juniper model: junos 18.1r3 scope: - version: -

Trust: 0.3

vendor: juniper model: junos 18.1r1 scope: - version: -

Trust: 0.3

vendor: juniper model: junos scope: eq version: 18.1

Trust: 0.3

vendor: juniper model: junos 18.1r4 scope: ne version: -

Trust: 0.3

sources: CNVD: CNVD-2018-21799 // BID: 105565 // JVNDB: JVNDB-2018-013607 // NVD: CVE-2018-0044

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0044
value: HIGH

Trust: 1.0

sirt@juniper.net: CVE-2018-0044
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-0044
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-21799
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201810-512
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2018-0044
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-21799
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2018-0044
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.0

Trust: 1.8

sirt@juniper.net: CVE-2018-0044
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.0

sources: CNVD: CNVD-2018-21799 // JVNDB: JVNDB-2018-013607 // CNNVD: CNNVD-201810-512 // NVD: CVE-2018-0044 // NVD: CVE-2018-0044

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.8

sources: JVNDB: JVNDB-2018-013607 // NVD: CVE-2018-0044

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201810-512

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201810-512

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013607

PATCH

title: JSA10878 url: https://kb.juniper.net/JSA10878

Trust: 0.8

title: JuniperDeviceManager is not authorized to access the patch for the vulnerability url: https://www.cnvd.org.cn/patchInfo/show/143187

Trust: 0.6

title: Juniper Junos OS Security vulnerabilities url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86098

Trust: 0.6

sources: CNVD: CNVD-2018-21799 // JVNDB: JVNDB-2018-013607 // CNNVD: CNNVD-201810-512

EXTERNAL IDS

db: NVD id: CVE-2018-0044

Trust: 3.3

db: BID id: 105565

Trust: 2.5

db: JUNIPER id: JSA10878

Trust: 1.9

db: JVNDB id: JVNDB-2018-013607

Trust: 0.8

db: CNVD id: CNVD-2018-21799

Trust: 0.6

db: CNNVD id: CNNVD-201810-512

Trust: 0.6

sources: CNVD: CNVD-2018-21799 // BID: 105565 // JVNDB: JVNDB-2018-013607 // CNNVD: CNNVD-201810-512 // NVD: CVE-2018-0044

REFERENCES

url:http://www.securityfocus.com/bid/105565

Trust: 2.2

url:https://kb.juniper.net/jsa10878

Trust: 1.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0044

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-0044

Trust: 0.8

url:http://www.juniper.net/

Trust: 0.3

url:https://kb.juniper.net/infocenter/index?page=content&id=jsa10878&cat=sirt_1&actp=list

Trust: 0.3

sources: CNVD: CNVD-2018-21799 // BID: 105565 // JVNDB: JVNDB-2018-013607 // CNNVD: CNNVD-201810-512 // NVD: CVE-2018-0044

CREDITS

The vendor reported these issues.

Trust: 0.3

sources: BID: 105565

SOURCES

db: CNVD id: CNVD-2018-21799
db: BID id: 105565
db: JVNDB id: JVNDB-2018-013607
db: CNNVD id: CNNVD-201810-512
db: NVD id: CVE-2018-0044

LAST UPDATE DATE

2024-11-23T23:04:57.724000+00:00


SOURCES UPDATE DATE

db: CNVD id: CNVD-2018-21799 date: 2018-10-26T00:00:00
db: BID id: 105565 date: 2018-10-10T00:00:00
db: JVNDB id: JVNDB-2018-013607 date: 2019-02-26T00:00:00
db: CNNVD id: CNNVD-201810-512 date: 2019-10-17T00:00:00
db: NVD id: CVE-2018-0044 date: 2024-11-21T03:37:25.180

SOURCES RELEASE DATE

db: CNVD id: CNVD-2018-21799 date: 2018-10-25T00:00:00
db: BID id: 105565 date: 2018-10-10T00:00:00
db: JVNDB id: JVNDB-2018-013607 date: 2019-02-26T00:00:00
db: CNNVD id: CNNVD-201810-512 date: 2018-10-11T00:00:00
db: NVD id: CVE-2018-0044 date: 2018-10-10T18:29:00.530