CVE-2018-0053 - OpenCVE

An authentication bypass vulnerability in the initial boot sequence of Juniper Networks Junos OS on vSRX Series may allow an attacker to gain full control of the system without authentication when the system is initially booted up. Affected releases are Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D30 on vSRX.

No CVSS v3.1

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Juniper	Vsrx Junos

Configuration 1 [-]

AND

OR	cpe:2.3:o:juniper:junos:15.1x49:::::::*
	cpe:2.3:o:juniper:junos:15.1x49:d10::::::
	cpe:2.3:o:juniper:junos:15.1x49:d20::::::

cpe:2.3:h:juniper:vsrx:-:*:*:*:*:*:*:*

References

Link	Resource
http://www.securitytracker.com/id/1041854	Third Party Advisory VDB Entry
https://kb.juniper.net/JSA10887	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: juniper

Published: 2018-10-10T00:00:00

Updated: 2018-10-11T09:57:01

Reserved: 2017-11-16T00:00:00

Link: CVE-2018-0053

JSON object: View

NVD Information

Status : Modified

Published: 2018-10-10T18:29:02.530

Modified: 2019-10-09T23:31:08.533

Link: CVE-2018-0053

JSON object: View

Redhat Information

No data.

CWE

CWE-287

{"containers": {"cna": {"affected": [{"platforms": ["vSRX Series"], "product": "Junos OS", "vendor": "Juniper Networks", "versions": [{"lessThan": "15.1X49-D30", "status": "affected", "version": "15.1X49", "versionType": "custom"}]}], "datePublic": "2018-10-10T00:00:00", "descriptions": [{"lang": "en", "value": "An authentication bypass vulnerability in the initial boot sequence of Juniper Networks Junos OS on vSRX Series may allow an attacker to gain full control of the system without authentication when the system is initially booted up. Affected releases are Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D30 on vSRX."}], "exploits": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n"}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Authentication Bypass Using an Alternate Path or Channel\n", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-11T09:57:01", "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://kb.juniper.net/JSA10887"}, {"name": "1041854", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1041854"}], "solutions": [{"lang": "en", "value": "The following software releases have been updated to resolve this specific issue: Junos OS 15.1X49-D30, and all subsequent releases.\n"}], "source": {"advisory": "JSA10887", "defect": ["1078011"], "discovery": "INTERNAL"}, "title": "vSRX Series: A local authentication vulnerability may lead to full control of a vSRX instance while the system is booting.", "workarounds": [{"lang": "en", "value": "There are no viable workarounds for this issue.\n\nMethods which may reduce, but not eliminate, the risk for exploitation of this problem, and which does not resolve the underlying problem include:\n\n\u2022 Restrict access to the hypervisor to only trusted administrators.\n\u2022 Disallow all access to the 'physical instance' of the vSRX instance while it is initially booting by disabling connectivity to devices hosting the instance; e.g. console servers, etc."}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "sirt@juniper.net", "DATE_PUBLIC": "2018-10-10T16:00:00.000Z", "ID": "CVE-2018-0053", "STATE": "PUBLIC", "TITLE": "vSRX Series: A local authentication vulnerability may lead to full control of a vSRX instance while the system is booting."}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Junos OS", "version": {"version_data": [{"affected": "<", "platform": "vSRX Series", "version_affected": "<", "version_name": "15.1X49", "version_value": "15.1X49-D30"}]}}]}, "vendor_name": "Juniper Networks"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An authentication bypass vulnerability in the initial boot sequence of Juniper Networks Junos OS on vSRX Series may allow an attacker to gain full control of the system without authentication when the system is initially booted up. Affected releases are Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D30 on vSRX."}]}, "exploit": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n"}], "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Authentication Bypass Using an Alternate Path or Channel\n"}]}]}, "references": {"reference_data": [{"name": "https://kb.juniper.net/JSA10887", "refsource": "CONFIRM", "url": "https://kb.juniper.net/JSA10887"}, {"name": "1041854", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041854"}]}, "solution": [{"lang": "en", "value": "The following software releases have been updated to resolve this specific issue: Junos OS 15.1X49-D30, and all subsequent releases.\n"}], "source": {"advisory": "JSA10887", "defect": ["1078011"], "discovery": "INTERNAL"}, "work_around": [{"lang": "en", "value": "There are no viable workarounds for this issue.\n\nMethods which may reduce, but not eliminate, the risk for exploitation of this problem, and which does not resolve the underlying problem include:\n\n\u2022 Restrict access to the hypervisor to only trusted administrators.\n\u2022 Disallow all access to the 'physical instance' of the vSRX instance while it is initially booting by disabling connectivity to devices hosting the instance; e.g. console servers, etc."}]}}}, "cveMetadata": {"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "cveId": "CVE-2018-0053", "datePublished": "2018-10-10T00:00:00", "dateReserved": "2017-11-16T00:00:00", "dateUpdated": "2018-10-11T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos:15.1x49:*:*:*:*:*:*:*", "matchCriteriaId": "20DABA6A-FA7A-4289-8C6A-2B93689A5440", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:15.1x49:d10:*:*:*:*:*:*", "matchCriteriaId": "D90D8985-34EF-44CC-A9A7-CB0FD22676F2", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:15.1x49:d20:*:*:*:*:*:*", "matchCriteriaId": "18468579-0195-4DDE-BAA5-4BE4068F3A69", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:juniper:vsrx:-:*:*:*:*:*:*:*", "matchCriteriaId": "8B10DFCE-5331-4D79-8D9F-EF84743493D3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An authentication bypass vulnerability in the initial boot sequence of Juniper Networks Junos OS on vSRX Series may allow an attacker to gain full control of the system without authentication when the system is initially booted up. Affected releases are Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D30 on vSRX."}, {"lang": "es", "value": "Una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n en la secuencia de arranque inicial en Juniper Networks Junos OS en vSRX Series podr\u00eda permitir que un atacante obtenga el control total del sistema sin autenticaci\u00f3n cuando el sistema se arranca inicialmente. Las versiones afectadas de Juniper Networks Junos OS son: Versiones 15.1X49 anteriores a la 15.1X49-D30 en vSRX."}], "id": "CVE-2018-0053", "lastModified": "2019-10-09T23:31:08.533", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "sirt@juniper.net", "type": "Secondary"}]}, "published": "2018-10-10T18:29:02.530", "references": [{"source": "sirt@juniper.net", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1041854"}, {"source": "sirt@juniper.net", "tags": ["Vendor Advisory"], "url": "https://kb.juniper.net/JSA10887"}], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}