CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
7.5 | $0-$5k | 0.00 |
A vulnerability, which was classified as critical, has been found in Juniper Junos (Router Operating System) (unknown version). This issue affects an unknown code block of the component Key Handler. The manipulation with an unknown input leads to a credentials management vulnerability. Using CWE to declare the problem leads to CWE-255. Impacted is confidentiality, integrity, and availability. The summary by CVE is:
If all 64 digits of the connectivity association name (CKN) key or all 32 digits of the connectivity association key (CAK) key are not configured, all remaining digits will be auto-configured to 0. Hence, Juniper devices configured with short MacSec keys are at risk to an increased likelihood that an attacker will discover the secret passphrases configured for these keys through dictionary-based and brute-force-based attacks using spoofed packets. Affected releases are Juniper Networks Junos OS: 14.1 versions prior to 14.1R10, 14.1R9; 14.1X53 versions prior to 14.1X53-D47; 15.1 versions prior to 15.1R4-S9, 15.1R6-S6, 15.1R7; 15.1X49 versions prior to 15.1X49-D100; 15.1X53 versions prior to 15.1X53-D59; 16.1 versions prior to 16.1R3-S8, 16.1R4-S8, 16.1R5; 16.2 versions prior to 16.2R1-S6, 16.2R2; 17.1 versions prior to 17.1R2.
The bug was discovered 04/11/2018. The weakness was presented 04/11/2018 (Website). The advisory is shared at kb.juniper.net. The identification of this vulnerability is CVE-2018-0021 since 11/16/2017. The exploitation is known to be difficult. Access to the local network is required for this attack. No form of authentication is needed for a successful exploitation. Neither technical details nor an exploit are publicly available. MITRE ATT&CK project uses the attack technique T1552 for this issue.
The vulnerability scanner Nessus provides a plugin with the ID 109215 (Juniper Junos Short MacSec Keys Configuration CKN / CAK Key Extension Brute-force Mitm Spoofing (JSA10854)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Junos Local Security Checks and running in the context c. The commercial vulnerability scanner Qualys is able to test this issue with plugin 43584 (Juniper Junos OS: man-in-the-middle attacks vulnerability (JSA10854)).
Upgrading eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.
The vulnerability is also documented in the vulnerability database at Tenable (109215). See 116092, 116090, 116089 and 116094 for similar entries.
Product
Type
Vendor
Name
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB CVSS-B Score: 🔍VulDB CVSS-BT Score: 🔍
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.5VulDB Meta Temp Score: 7.5
VulDB Base Score: 5.0
VulDB Temp Score: 4.8
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 8.8
NVD Vector: 🔍
CNA Base Score: 8.8
CNA Vector (Juniper Networks, Inc.): 🔍
CVSSv2
AV | AC | Au | C | I | A |
---|---|---|---|---|---|
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
---|---|---|---|---|---|
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Credentials managementCWE: CWE-255
ATT&CK: T1552
Local: No
Remote: Partially
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
0-Day | unlock | unlock | unlock | unlock |
---|---|---|---|---|
Today | unlock | unlock | unlock | unlock |
Nessus ID: 109215
Nessus Name: Juniper Junos Short MacSec Keys Configuration CKN / CAK Key Extension Brute-force Mitm Spoofing (JSA10854)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
Exposure Time: 🔍
Timeline
11/16/2017 🔍04/11/2018 🔍
04/11/2018 🔍
04/11/2018 🔍
04/11/2018 🔍
04/12/2018 🔍
04/20/2018 🔍
02/27/2023 🔍
Sources
Vendor: juniper.netAdvisory: kb.juniper.net
Status: Not defined
Confirmation: 🔍
CVE: CVE-2018-0021 (🔍)
SecurityTracker: 1040789
See also: 🔍
Entry
Created: 04/12/2018 09:45Updated: 02/27/2023 14:32
Changes: 04/12/2018 09:45 (66), 06/04/2020 09:22 (3), 02/09/2021 17:49 (3), 02/09/2021 17:56 (1), 02/27/2023 14:32 (12)
Complete: 🔍
No comments yet. Languages: en.
Please log in to comment.