CVE-2018-0035 in Junos
Summary
by MITRE
QFX5200 and QFX10002 devices that have been shipped with Junos OS 15.1X53-D21, 15.1X53-D30, 15.1X53-D31, 15.1X53-D32, 15.1X53-D33 and 15.1X53-D60 or have been upgraded to these releases using the .bin or .iso images may contain an unintended additional Open Network Install Environment (ONIE) partition. This additional partition allows the superuser to reboot to the ONIE partition which will wipe out the content of the Junos partition and its configuration. Once rebooted, the ONIE partition will not have root password configured, thus any user can access the console or SSH, using an IP address acquired from DHCP, as root without password. Once the device has been shipped or upgraded with the ONIE partition installed, the issue will persist. Simply upgrading to higher release via the CLI will not resolve the issue. No other Juniper Networks products or platforms are affected by this issue.
Once again VulDB remains the best source for vulnerability data.
Analysis
by VulDB Data Team • 04/06/2023
The vulnerability described in CVE-2018-0035 represents a critical security flaw in Juniper Networks QFX5200 and QFX10002 network devices running specific versions of Junos OS. This issue stems from the unintended inclusion of an additional Open Network Install Environment (ONIE) partition during device manufacturing or software upgrades. The flaw manifests when devices are shipped with Junos OS versions 15.1X53-D21 through D33 and D60, or when they are upgraded using the specified .bin or .iso images. The presence of this extra partition fundamentally compromises the device's security posture by creating an unauthorized recovery mechanism that bypasses normal authentication procedures.
The technical implementation of this vulnerability involves the improper partitioning of storage media within the network device firmware. When a device is rebooted into the ONIE partition, it triggers a complete wipe of the Junos OS partition and all associated configurations, effectively resetting the device to a factory state. This process occurs without any authentication requirements, as the ONIE environment lacks a configured root password. The vulnerability creates a persistent backdoor that allows any user with network access to gain root privileges through either console access or SSH connections, provided they can obtain an IP address via DHCP. The attack vector is particularly dangerous because it does not require any specialized tools or advanced knowledge of the device's internal architecture, making it exploitable by adversaries with minimal technical expertise.
The operational impact of this vulnerability extends far beyond simple unauthorized access, as it fundamentally undermines the integrity and security of network infrastructure. Network administrators face the risk of complete device compromise, where attackers can execute arbitrary code, modify network configurations, and potentially establish persistent access points within the network. The vulnerability's persistence means that even after upgrading to newer software versions, the problematic ONIE partition remains active, rendering standard remediation procedures ineffective. This characteristic aligns with CWE-284, which addresses improper access control, and represents a significant deviation from the expected security model of enterprise network devices. The flaw particularly impacts the confidentiality, integrity, and availability of network services, as unauthorized users can access sensitive network information, modify routing tables, and disrupt network operations. Organizations using affected devices must consider this vulnerability as a critical threat to their network security infrastructure.
Mitigation strategies for this vulnerability require immediate action from network administrators, as simple software upgrades do not resolve the underlying issue. The most effective approach involves physically removing the problematic ONIE partition or implementing firmware images that do not contain the unintended partition. Network security teams should also consider implementing network segmentation and monitoring to detect unauthorized access attempts, though this provides only partial protection given the vulnerability's nature. The remediation process must be carefully planned to avoid disrupting network operations, and organizations should coordinate with Juniper Networks to obtain proper firmware updates that address the partitioning issue. This vulnerability demonstrates the importance of comprehensive firmware validation and the need for robust security testing during software development and deployment processes. The issue also highlights the critical importance of maintaining up-to-date security practices and the potential consequences of inadequate security controls in network infrastructure devices.