Sign-up

ID

VAR-201810-0075


CVE

CVE-2018-0053


TITLE

Juniper Networks Junos OS Authentication vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-013471

DESCRIPTION

An authentication bypass vulnerability in the initial boot sequence of Juniper Networks Junos OS on vSRX Series may allow an attacker to gain full control of the system without authentication when the system is initially booted up. Affected releases are Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D30 on vSRX. Juniper Networks Junos OS Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state

Trust: 1.71

sources: NVD: CVE-2018-0053 // JVNDB: JVNDB-2018-013471 // VULHUB: VHN-118255

AFFECTED PRODUCTS

vendor:junipermodel:junosscope:eqversion:15.1x49

Trust: 1.6

vendor:junipermodel:junos osscope:eqversion:15.1x49-d30

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:15.1x49

Trust: 0.8

sources: JVNDB: JVNDB-2018-013471 // CNNVD: CNNVD-201810-521 // NVD: CVE-2018-0053

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0053
value: MEDIUM

Trust: 1.0

sirt@juniper.net: CVE-2018-0053
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-0053
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201810-521
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118255
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-0053
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118255
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0053
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.0

Trust: 2.8

sources: VULHUB: VHN-118255 // JVNDB: JVNDB-2018-013471 // CNNVD: CNNVD-201810-521 // NVD: CVE-2018-0053 // NVD: CVE-2018-0053

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-118255 // JVNDB: JVNDB-2018-013471 // NVD: CVE-2018-0053

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201810-521

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201810-521

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-013471

PATCH
title:JSA10887url:https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10887&actp=METADATA
Trust: 0.8
title:Juniper Junos OS Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86107
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-013471 // 
            
            
            
            CNNVD: CNNVD-201810-521

EXTERNAL IDS
db:NVDid:CVE-2018-0053
Trust: 2.5
db:JUNIPERid:JSA10887
Trust: 1.7
db:SECTRACKid:1041854
Trust: 1.7
db:JVNDBid:JVNDB-2018-013471
Trust: 0.8
db:CNNVDid:CNNVD-201810-521
Trust: 0.6
db:VULHUBid:VHN-118255
Trust: 0.1
sources:
            
            
            VULHUB: VHN-118255 // 
            
            
            
            JVNDB: JVNDB-2018-013471 // 
            
            
            
            CNNVD: CNNVD-201810-521 // 
            
            
            
            NVD: CVE-2018-0053

REFERENCES
url:https://kb.juniper.net/jsa10887
Trust: 1.7
url:http://www.securitytracker.com/id/1041854
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0053
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0053
Trust: 0.8
sources:
            
            
            VULHUB: VHN-118255 // 
            
            
            
            JVNDB: JVNDB-2018-013471 // 
            
            
            
            CNNVD: CNNVD-201810-521 // 
            
            
            
            NVD: CVE-2018-0053

SOURCES
db:VULHUBid:VHN-118255
db:JVNDBid:JVNDB-2018-013471
db:CNNVDid:CNNVD-201810-521
db:NVDid:CVE-2018-0053

LAST UPDATE DATE
2024-08-14T15:02:33.007000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-118255date:2019-10-09T00:00:00
db:JVNDBid:JVNDB-2018-013471date:2019-02-21T00:00:00
db:CNNVDid:CNNVD-201810-521date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0053date:2019-10-09T23:31:08.533

SOURCES RELEASE DATE
db:VULHUBid:VHN-118255date:2018-10-10T00:00:00
db:JVNDBid:JVNDB-2018-013471date:2019-02-21T00:00:00
db:CNNVDid:CNNVD-201810-521date:2018-10-11T00:00:00
db:NVDid:CVE-2018-0053date:2018-10-10T18:29:02.530