ID

VAR-201810-0075


CVE

CVE-2018-0053


TITLE

Juniper Networks Junos OS Authentication vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-013471

DESCRIPTION

An authentication bypass vulnerability in the initial boot sequence of Juniper Networks Junos OS on vSRX Series may allow an attacker to gain full control of the system without authentication when the system is initially booted up. Affected releases are Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D30 on vSRX. Juniper Networks Junos OS Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state

Trust: 1.71

sources: NVD: CVE-2018-0053 // JVNDB: JVNDB-2018-013471 // VULHUB: VHN-118255

AFFECTED PRODUCTS

vendor:junipermodel:junosscope:eqversion:15.1x49

Trust: 1.6

vendor:junipermodel:junos osscope:eqversion:15.1x49-d30

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:15.1x49

Trust: 0.8

sources: JVNDB: JVNDB-2018-013471 // CNNVD: CNNVD-201810-521 // NVD: CVE-2018-0053

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0053
value: MEDIUM

Trust: 1.0

sirt@juniper.net: CVE-2018-0053
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-0053
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201810-521
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118255
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-0053
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118255
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0053
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.0

Trust: 2.8

sources: VULHUB: VHN-118255 // JVNDB: JVNDB-2018-013471 // CNNVD: CNNVD-201810-521 // NVD: CVE-2018-0053 // NVD: CVE-2018-0053

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-118255 // JVNDB: JVNDB-2018-013471 // NVD: CVE-2018-0053

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201810-521

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201810-521

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013471

PATCH

title:JSA10887url:https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10887&actp=METADATA

Trust: 0.8

title:Juniper Junos OS Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86107

Trust: 0.6

sources: JVNDB: JVNDB-2018-013471 // CNNVD: CNNVD-201810-521

EXTERNAL IDS

db:NVDid:CVE-2018-0053

Trust: 2.5

db:JUNIPERid:JSA10887

Trust: 1.7

db:SECTRACKid:1041854

Trust: 1.7

db:JVNDBid:JVNDB-2018-013471

Trust: 0.8

db:CNNVDid:CNNVD-201810-521

Trust: 0.6

db:VULHUBid:VHN-118255

Trust: 0.1

sources: VULHUB: VHN-118255 // JVNDB: JVNDB-2018-013471 // CNNVD: CNNVD-201810-521 // NVD: CVE-2018-0053

REFERENCES

url:https://kb.juniper.net/jsa10887

Trust: 1.7

url:http://www.securitytracker.com/id/1041854

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0053

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-0053

Trust: 0.8

sources: VULHUB: VHN-118255 // JVNDB: JVNDB-2018-013471 // CNNVD: CNNVD-201810-521 // NVD: CVE-2018-0053

SOURCES

db:VULHUBid:VHN-118255
db:JVNDBid:JVNDB-2018-013471
db:CNNVDid:CNNVD-201810-521
db:NVDid:CVE-2018-0053

LAST UPDATE DATE

2024-08-14T15:02:33.007000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-118255date:2019-10-09T00:00:00
db:JVNDBid:JVNDB-2018-013471date:2019-02-21T00:00:00
db:CNNVDid:CNNVD-201810-521date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0053date:2019-10-09T23:31:08.533

SOURCES RELEASE DATE

db:VULHUBid:VHN-118255date:2018-10-10T00:00:00
db:JVNDBid:JVNDB-2018-013471date:2019-02-21T00:00:00
db:CNNVDid:CNNVD-201810-521date:2018-10-11T00:00:00
db:NVDid:CVE-2018-0053date:2018-10-10T18:29:02.530