Sign-up

ID

VAR-201810-0074


CVE

CVE-2018-0052


TITLE

Juniper Networks Junos OS Authentication vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-013649

DESCRIPTION

If RSH service is enabled on Junos OS and if the PAM authentication is disabled, a remote unauthenticated attacker can obtain root access to the device. RSH service is disabled by default on Junos. There is no documented CLI command to enable this service. However, an undocumented CLI command allows a privileged Junos user to enable RSH service and disable PAM, and hence expose the system to unauthenticated root access. When RSH is enabled, the device is listing to RSH connections on port 514. This issue is not exploitable on platforms where Junos release is based on FreeBSD 10+. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D77 on SRX Series; 12.3 versions prior to 12.3R12-S10; 12.3X48 versions prior to 12.3X48-D75 on SRX Series; 14.1X53 versions prior to 14.1X53-D47 on QFX/EX Series; 15.1 versions prior to 15.1R4-S9, 15.1R6-S6, 15.1R7; 15.1X49 versions prior to 15.1X49-D131, 15.1X49-D140 on SRX Series; 15.1X53 versions prior to 15.1X53-D59 on EX2300/EX3400 Series; 15.1X53 versions prior to 15.1X53-D67 on QFX10K Series; 15.1X53 versions prior to 15.1X53-D233 on QFX5200/QFX5110 Series; 15.1X53 versions prior to 15.1X53-D471, 15.1X53-D490 on NFX Series; 16.1 versions prior to 16.1R3-S9, 16.1R4-S9, 16.1R5-S4, 16.1R6-S4, 16.1R7; 16.2 versions prior to 16.2R2-S5; 17.1 versions prior to 17.1R1-S7, 17.1R2-S7, 17.1R3; 17.2 versions prior to 17.2R1-S6, 17.2R2-S4, 17.2R3; 17.2X75 versions prior to 17.2X75-D110, 17.2X75-D91; 17.3 versions prior to 17.3R1-S4, 17.3R2-S2, 17.3R3; 17.4 versions prior to 17.4R1-S3, 17.4R2; 18.2X75 versions prior to 18.2X75-D5. Juniper Networks Junos OS Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state

Trust: 1.71

sources: NVD: CVE-2018-0052 // JVNDB: JVNDB-2018-013649 // VULHUB: VHN-118254

AFFECTED PRODUCTS

vendor:junipermodel:junosscope:eqversion:15.1x53

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:17.3

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:17.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:17.4

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:15.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:14.1x53

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:12.3x48

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:15.1x49

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:16.2

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:12.1x46

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:16.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:12.3

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:18.2x75

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:17.2x75

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:17.2

Trust: 1.0

vendor:junipermodel:junos osscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2018-013649 // NVD: CVE-2018-0052

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0052
value: HIGH

Trust: 1.0

sirt@juniper.net: CVE-2018-0052
value: HIGH

Trust: 1.0

NVD: CVE-2018-0052
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201810-520
value: HIGH

Trust: 0.6

VULHUB: VHN-118254
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-0052
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118254
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0052
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.0

Trust: 1.8

sirt@juniper.net: CVE-2018-0052
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-118254 // JVNDB: JVNDB-2018-013649 // CNNVD: CNNVD-201810-520 // NVD: CVE-2018-0052 // NVD: CVE-2018-0052

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-118254 // JVNDB: JVNDB-2018-013649 // NVD: CVE-2018-0052

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201810-520

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201810-520

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-013649

PATCH
title:JSA10886url:https://kb.juniper.net/JSA10886
Trust: 0.8
title:Juniper Junos OS Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86106
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-013649 // 
            
            
            
            CNNVD: CNNVD-201810-520

EXTERNAL IDS
db:NVDid:CVE-2018-0052
Trust: 2.5
db:JUNIPERid:JSA10886
Trust: 1.7
db:SECTRACKid:1041853
Trust: 1.7
db:JVNDBid:JVNDB-2018-013649
Trust: 0.8
db:CNNVDid:CNNVD-201810-520
Trust: 0.6
db:VULHUBid:VHN-118254
Trust: 0.1
sources:
            
            
            VULHUB: VHN-118254 // 
            
            
            
            JVNDB: JVNDB-2018-013649 // 
            
            
            
            CNNVD: CNNVD-201810-520 // 
            
            
            
            NVD: CVE-2018-0052

REFERENCES
url:https://kb.juniper.net/jsa10886
Trust: 1.7
url:http://www.securitytracker.com/id/1041853
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0052
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0052
Trust: 0.8
sources:
            
            
            VULHUB: VHN-118254 // 
            
            
            
            JVNDB: JVNDB-2018-013649 // 
            
            
            
            CNNVD: CNNVD-201810-520 // 
            
            
            
            NVD: CVE-2018-0052

SOURCES
db:VULHUBid:VHN-118254
db:JVNDBid:JVNDB-2018-013649
db:CNNVDid:CNNVD-201810-520
db:NVDid:CVE-2018-0052

LAST UPDATE DATE
2024-08-14T14:04:47.962000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-118254date:2019-10-09T00:00:00
db:JVNDBid:JVNDB-2018-013649date:2019-02-27T00:00:00
db:CNNVDid:CNNVD-201810-520date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0052date:2019-10-09T23:31:08.033

SOURCES RELEASE DATE
db:VULHUBid:VHN-118254date:2018-10-10T00:00:00
db:JVNDBid:JVNDB-2018-013649date:2019-02-27T00:00:00
db:CNNVDid:CNNVD-201810-520date:2018-10-11T00:00:00
db:NVDid:CVE-2018-0052date:2018-10-10T18:29:02.407