Juniper Junos up to 15.1X49 on SRX IDP Policy Compiler Crafted Packet information disclosure
CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
5.7 | $0-$5k | 0.00 |
A vulnerability was found in Juniper Junos up to 15.1X49 on SRX (Router Operating System). It has been rated as problematic. Affected by this issue is some unknown functionality of the component IDP Policy Compiler. The manipulation as part of a Crafted Packet leads to a information disclosure vulnerability. Using CWE to declare the problem leads to CWE-200. The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Impacted is confidentiality, integrity, and availability. CVE summarizes:
On SRX Series devices during compilation of IDP policies, an attacker sending specially crafted packets may be able to bypass firewall rules, leading to information disclosure which an attacker may use to gain control of the target device or other internal devices, systems or services protected by the SRX Series device. This issue only applies to devices where IDP policies are applied to one or more rules. Customers not using IDP policies are not affected. Depending on if the IDP updates are automatic or not, as well as the interval between available updates, an attacker may have more or less success in performing reconnaissance or bypass attacks on the victim SRX Series device or protected devices. ScreenOS with IDP is not vulnerable to this issue. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D60 on SRX; 12.3X48 versions prior to 12.3X48-D35 on SRX; 15.1X49 versions prior to 15.1X49-D60 on SRX.
The bug was discovered 04/11/2018. The weakness was published 04/11/2018 (Website). The advisory is available at kb.juniper.net. This vulnerability is handled as CVE-2018-0018 since 11/16/2017. The attack may be launched remotely. No form of authentication is required for exploitation. The technical details are unknown and an exploit is not available. This vulnerability is assigned to T1592 by the MITRE ATT&CK project.
The vulnerability scanner Nessus provides a plugin with the ID 109212 (Juniper Junos IDP Policy Compilation Packet Handling Firewall Rule Bypass Remote Information Disclosure (JSA10846)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Junos Local Security Checks and running in the context c. The commercial vulnerability scanner Qualys is able to test this issue with plugin 43581 (Juniper SRX Series information disclosure and firewall rule bypass vulnerability (JSA10846)).
Upgrading eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.
The vulnerability is also documented in the vulnerability database at Tenable (109212). Similar entries are available at 116093, 116092, 116089 and 116088.
Product
Type
Vendor
Name
Version
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB CVSS-B Score: 🔍VulDB CVSS-BT Score: 🔍
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.7VulDB Meta Temp Score: 5.7
VulDB Base Score: 3.7
VulDB Temp Score: 3.6
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 5.9
NVD Vector: 🔍
CNA Base Score: 7.5
CNA Vector (Juniper Networks, Inc.): 🔍
CVSSv2
AV | AC | Au | C | I | A |
---|---|---|---|---|---|
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
---|---|---|---|---|---|
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Information disclosureCWE: CWE-200 / CWE-284 / CWE-266
CAPEC: 🔍
ATT&CK: 🔍
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
0-Day | unlock | unlock | unlock | unlock |
---|---|---|---|---|
Today | unlock | unlock | unlock | unlock |
Nessus ID: 109212
Nessus Name: Juniper Junos IDP Policy Compilation Packet Handling Firewall Rule Bypass Remote Information Disclosure (JSA10846)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Timeline
11/16/2017 🔍04/11/2018 🔍
04/11/2018 🔍
04/11/2018 🔍
04/11/2018 🔍
04/11/2018 🔍
04/12/2018 🔍
04/20/2018 🔍
02/27/2023 🔍
Sources
Vendor: juniper.netAdvisory: kb.juniper.net
Status: Not defined
Confirmation: 🔍
CVE: CVE-2018-0018 (🔍)
SecurityTracker: 1040786
SecurityFocus: 103748 - Juniper Junos CVE-2018-0018 Security Bypass Vulnerability
See also: 🔍
Entry
Created: 04/12/2018 09:44Updated: 02/27/2023 14:24
Changes: 04/12/2018 09:44 (72), 06/04/2020 09:23 (5), 02/09/2021 17:17 (3), 02/09/2021 17:23 (1), 02/27/2023 14:24 (12)
Complete: 🔍
No comments yet. Languages: en.
Please log in to comment.