{"containers": {"cna": {"affected": [{"product": "Junos OS", "vendor": "Juniper Networks", "versions": [{"lessThan": "12.1X46-D67", "status": "affected", "version": "12.1X46", "versionType": "custom"}, {"lessThan": "12.3R12-S5", "status": "affected", "version": "12.3", "versionType": "custom"}, {"lessThan": "12.3X48-D35", "status": "affected", "version": "12.3X48", "versionType": "custom"}, {"lessThan": "14.1R8-S5, 14.1R9", "status": "affected", "version": "14.1", "versionType": "custom"}, {"lessThan": "14.1X53-D44, 14.1X53-D50", "status": "affected", "version": "14.1X53", "versionType": "custom"}, {"lessThan": "14.2R7-S7, 14.2R8", "status": "affected", "version": "14.2", "versionType": "custom"}, {"lessThan": "15.1R3", "status": "affected", "version": "15.1", "versionType": "custom"}, {"lessThan": "15.1X49-D30", "status": "affected", "version": "15.1X49", "versionType": "custom"}, {"lessThan": "15.1X53-D70", "status": "affected", "version": "15.1X53", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Cure53 for responsibly reporting this vulnerability."}], "datePublic": "2018-01-10T00:00:00", "descriptions": [{"lang": "en", "value": "A remote, unauthenticated attacker may be able to execute code by exploiting a use-after-free defect found in older versions of PHP through injection of crafted data via specific PHP URLs within the context of the J-Web process. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D67; 12.3 versions prior to 12.3R12-S5; 12.3X48 versions prior to 12.3X48-D35; 14.1 versions prior to 14.1R8-S5, 14.1R9; 14.1X53 versions prior to 14.1X53-D44, 14.1X53-D50; 14.2 versions prior to 14.2R7-S7, 14.2R8; 15.1 versions prior to 15.1R3; 15.1X49 versions prior to 15.1X49-D30; 15.1X53 versions prior to 15.1X53-D70."}], "exploits": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Remote code execution", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-02-22T10:57:01", "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper"}, "references": [{"name": "1040180", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1040180"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://kb.juniper.net/JSA10828"}, {"name": "103092", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/103092"}], "solutions": [{"lang": "en", "value": "The following software releases have been updated to resolve this specific issue: 12.1X46-D67, 12.3R12-S8*, 12.3X48-D55, 14.1R8-S5, 14.1R9, 14.1X53-D44, 14.1X53-D50, 14.2R7-S7, 14.2R8, 15.1F5-S8, 15.1F6-S8, 15.1R5-S6, 15.1R7, 15.1X49-D100, 15.1X53-D70, 16.1R4-S6, 16.1R5, 16.2R2-S2, 16.2R3, 17.1R2-S5*, 17.1R3*, 17.2R2, 17.3R1, and all subsequent releases.\n\n*Pending release\n\nNOTE: While Junos OS 12.3R12-S5, 12.3X48-D35, 15.1F2+, 15.1R3, 15.1X49-D30, and all subsequent releases are not vulnerable, this issue has been proactively resolved."}], "source": {"advisory": "JSA10828", "defect": ["1269932"], "discovery": "EXTERNAL"}, "title": "Junos: Unauthenticated Remote Code Execution through J-Web interface", "workarounds": [{"lang": "en", "value": "Disable J-Web, or limit access to only trusted hosts."}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "sirt@juniper.net", "DATE_PUBLIC": "2018-01-10T17:00:00.000Z", "ID": "CVE-2018-0001", "STATE": "PUBLIC", "TITLE": "Junos: Unauthenticated Remote Code Execution through J-Web interface"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Junos OS", "version": {"version_data": [{"affected": "<", "version_affected": "<", "version_name": "12.1X46", "version_value": "12.1X46-D67"}, {"affected": "<", "version_affected": "<", "version_name": "12.3", "version_value": "12.3R12-S5"}, {"affected": "<", "version_affected": "<", "version_name": "12.3X48", "version_value": "12.3X48-D35"}, {"affected": "<", "version_affected": "<", "version_name": "14.1", "version_value": "14.1R8-S5, 14.1R9"}, {"affected": "<", "version_affected": "<", "version_name": "14.1X53", "version_value": "14.1X53-D44, 14.1X53-D50"}, {"affected": "<", "version_affected": "<", "version_name": "14.2", "version_value": "14.2R7-S7, 14.2R8"}, {"affected": "<", "version_affected": "<", "version_name": "15.1", "version_value": "15.1R3"}, {"affected": "<", "version_affected": "<", "version_name": "15.1X49", "version_value": "15.1X49-D30"}, {"affected": "<", "version_affected": "<", "version_name": "15.1X53", "version_value": "15.1X53-D70"}]}}]}, "vendor_name": "Juniper Networks"}]}}, "credit": [{"lang": "eng", "value": "Cure53 for responsibly reporting this vulnerability."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A remote, unauthenticated attacker may be able to execute code by exploiting a use-after-free defect found in older versions of PHP through injection of crafted data via specific PHP URLs within the context of the J-Web process. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D67; 12.3 versions prior to 12.3R12-S5; 12.3X48 versions prior to 12.3X48-D35; 14.1 versions prior to 14.1R8-S5, 14.1R9; 14.1X53 versions prior to 14.1X53-D44, 14.1X53-D50; 14.2 versions prior to 14.2R7-S7, 14.2R8; 15.1 versions prior to 15.1R3; 15.1X49 versions prior to 15.1X49-D30; 15.1X53 versions prior to 15.1X53-D70."}]}, "exploit": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Remote code execution"}]}]}, "references": {"reference_data": [{"name": "1040180", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040180"}, {"name": "https://kb.juniper.net/JSA10828", "refsource": "CONFIRM", "url": "https://kb.juniper.net/JSA10828"}, {"name": "103092", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103092"}]}, "solution": [{"lang": "en", "value": "The following software releases have been updated to resolve this specific issue: 12.1X46-D67, 12.3R12-S8*, 12.3X48-D55, 14.1R8-S5, 14.1R9, 14.1X53-D44, 14.1X53-D50, 14.2R7-S7, 14.2R8, 15.1F5-S8, 15.1F6-S8, 15.1R5-S6, 15.1R7, 15.1X49-D100, 15.1X53-D70, 16.1R4-S6, 16.1R5, 16.2R2-S2, 16.2R3, 17.1R2-S5*, 17.1R3*, 17.2R2, 17.3R1, and all subsequent releases.\n\n*Pending release\n\nNOTE: While Junos OS 12.3R12-S5, 12.3X48-D35, 15.1F2+, 15.1R3, 15.1X49-D30, and all subsequent releases are not vulnerable, this issue has been proactively resolved."}], "source": {"advisory": "JSA10828", "defect": ["1269932"], "discovery": "EXTERNAL"}, "work_around": [{"lang": "en", "value": "Disable J-Web, or limit access to only trusted hosts."}]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T03:14:16.045Z"}, "title": "CVE Program Container", "references": [{"name": "1040180", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1040180"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://kb.juniper.net/JSA10828"}, {"name": "103092", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/103092"}]}]}, "cveMetadata": {"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "cveId": "CVE-2018-0001", "datePublished": "2018-01-10T22:00:00Z", "dateReserved": "2017-11-16T00:00:00", "dateUpdated": "2024-09-17T03:48:27.310Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos:12.1x46:d10:*:*:*:*:*:*", "matchCriteriaId": "A71742CF-50B1-44BB-AB7B-27E5DCC9CF70", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:12.1x46:d15:*:*:*:*:*:*", "matchCriteriaId": "4FD4237A-C257-4D8A-ABC4-9B2160530A4E", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:12.1x46:d20:*:*:*:*:*:*", "matchCriteriaId": "5A449C87-C5C3-48FE-9E46-64ED5DD5F193", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:12.1x46:d25:*:*:*:*:*:*", "matchCriteriaId": "F4B6215F-76BF-473F-B325-0975B0EB101E", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:12.1x46:d30:*:*:*:*:*:*", "matchCriteriaId": "A1C4A10C-49A3-4103-9E56-F881113BC5D7", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:12.1x46:d35:*:*:*:*:*:*", "matchCriteriaId": "50E7FD07-A309-48EC-A520-C7F0FA35865C", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:12.1x46:d40:*:*:*:*:*:*", "matchCriteriaId": "F868948A-04D7-473B-971F-721302653633", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:12.1x46:d45:*:*:*:*:*:*", "matchCriteriaId": "830A9EBA-88F1-4277-B98F-75AC52A60824", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:12.1x46:d50:*:*:*:*:*:*", "matchCriteriaId": "BFA2ADAB-E486-4DBB-8B84-CC095D102278", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:12.1x46:d55:*:*:*:*:*:*", "matchCriteriaId": "9ACD0C03-ACD9-4D47-B3EE-1D8753FF5A83", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:12.1x46:d60:*:*:*:*:*:*", "matchCriteriaId": "0DD32D8A-7531-4691-B45D-9EACC69A23D6", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:12.1x46:d65:*:*:*:*:*:*", "matchCriteriaId": "76DFA52F-5B2E-47DA-9A8E-7D17A7413929", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos:12.3x48:d10:*:*:*:*:*:*", "matchCriteriaId": "4B7066A4-CD05-4E1A-89E8-71B4CB92CFF3", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:12.3x48:d15:*:*:*:*:*:*", "matchCriteriaId": "A4AC2E1E-74FB-4DA3-8292-B2079F83FF54", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:12.3x48:d20:*:*:*:*:*:*", "matchCriteriaId": "5FF83BD0-3B28-481E-8C8F-09ECDA493DA4", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:12.3x48:d25:*:*:*:*:*:*", "matchCriteriaId": "6E296274-AFC1-4F56-A4B3-827C2E0BC9D5", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:12.3x48:d30:*:*:*:*:*:*", "matchCriteriaId": "3C82799B-BD25-4359-9E3D-4D7CA7367525", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos:15.1x49:d10:*:*:*:*:*:*", "matchCriteriaId": "D90D8985-34EF-44CC-A9A7-CB0FD22676F2", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:15.1x49:d20:*:*:*:*:*:*", "matchCriteriaId": "18468579-0195-4DDE-BAA5-4BE4068F3A69", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:15.1x49:d30:*:*:*:*:*:*", "matchCriteriaId": "0E5FAA97-171F-4DB9-B78E-6E1A5F34336A", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d20:*:*:*:*:*:*", "matchCriteriaId": "1E3B807C-196D-42B8-9042-7582A1366772", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d21:*:*:*:*:*:*", "matchCriteriaId": "83FEEE8F-9279-46F2-BAF9-A60537020C61", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d25:*:*:*:*:*:*", "matchCriteriaId": "1DD0B95A-7C9F-4A18-9CD8-BA344DEFC9D4", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d30:*:*:*:*:*:*", "matchCriteriaId": "1F294E43-73FA-4EF3-90F2-EE29C56D6573", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d32:*:*:*:*:*:*", "matchCriteriaId": "EDDE1048-BFEA-4A3E-8270-27C538A68837", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d33:*:*:*:*:*:*", "matchCriteriaId": "CC517CD0-FF35-498F-AD33-683B43CA3829", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d34:*:*:*:*:*:*", "matchCriteriaId": "53F7E1C5-BFA9-426C-9F95-3EA5DB458C7E", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d60:*:*:*:*:*:*", "matchCriteriaId": "962CCED8-E321-4878-9BE6-0DC33778559A", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d61:*:*:*:*:*:*", "matchCriteriaId": "2B08B97A-5D4D-405B-A1C4-9E327E4EED35", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d62:*:*:*:*:*:*", "matchCriteriaId": "738C1061-E8B8-4924-AFE9-5E59F22CA4A8", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d63:*:*:*:*:*:*", "matchCriteriaId": "9071DC8C-D0AA-448E-82BF-7C801199193F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos:14.1:*:*:*:*:*:*:*", "matchCriteriaId": "6237291A-B861-4D53-B7AA-C53A44B76896", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:14.1:r1:*:*:*:*:*:*", "matchCriteriaId": "9C778627-820A-48F5-9680-0205D6DB5EB6", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:14.1:r2:*:*:*:*:*:*", "matchCriteriaId": "FA7F03DC-73A2-4760-B386-2A57E9C97E65", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:14.1:r3:*:*:*:*:*:*", "matchCriteriaId": "0CA10003-D52B-4110-9D7A-F50895E6BA17", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:14.1:r4:*:*:*:*:*:*", "matchCriteriaId": "1B2D843A-8ADE-4888-8960-B48394DEA1D2", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:14.1:r8:*:*:*:*:*:*", "matchCriteriaId": "BF0B8539-31FF-4AE9-91D6-47E6305D9EDF", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:14.1:r9:*:*:*:*:*:*", "matchCriteriaId": "8A76DAC5-AEC4-47E8-9876-71EE5BAD73E2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos:14.2:r1:*:*:*:*:*:*", "matchCriteriaId": "79149AA0-17D1-4522-894F-C025F7A30FD7", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:14.2:r2:*:*:*:*:*:*", "matchCriteriaId": "30726286-7CB1-4E5D-AE44-2B4D84795900", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:14.2:r3:*:*:*:*:*:*", "matchCriteriaId": "33BE028F-2961-414A-9D42-C4861566C2DC", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:14.2:r4:*:*:*:*:*:*", "matchCriteriaId": "E85AB30C-03FC-44DB-A8AA-B916A905CA66", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:14.2:r5:*:*:*:*:*:*", "matchCriteriaId": "D01CA25F-E1E1-4831-8561-D3B0300BF4A7", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:14.2:r7:*:*:*:*:*:*", "matchCriteriaId": "8C31AA11-FA95-4927-9E48-D46BBE4945B1", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:14.2:r8:*:*:*:*:*:*", "matchCriteriaId": "469B95AC-E779-43D2-A24F-B9CB6D5DB9B8", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos:15.1:r1:*:*:*:*:*:*", "matchCriteriaId": "D0D3EA8F-4D30-4383-AF2F-0FB6D822D0F3", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:15.1:r2:*:*:*:*:*:*", "matchCriteriaId": "0E6CD065-EC06-4846-BD2A-D3CA7866070F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos:12.3:*:*:*:*:*:*:*", "matchCriteriaId": "8E014A0D-0054-4EBA-BA1F-035B74BD822F", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:12.3:r1:*:*:*:*:*:*", "matchCriteriaId": "371A7DF8-3F4B-439D-8990-D1BC6F0C25C5", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:12.3:r10:*:*:*:*:*:*", "matchCriteriaId": "661B4C1E-DB85-4EB0-B26F-F6496CEF0AA6", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:12.3:r2:*:*:*:*:*:*", "matchCriteriaId": "7CC3BCFD-2B0F-4994-9FE4-9D37FA85F1E2", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:12.3:r3:*:*:*:*:*:*", "matchCriteriaId": "C6F309FD-0A5A-4C86-B227-B2B511A5CEB4", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:12.3:r4:*:*:*:*:*:*", "matchCriteriaId": "960059B5-0701-4B75-AB51-0A430247D9F0", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:12.3:r5:*:*:*:*:*:*", "matchCriteriaId": "1D1DCA52-DA81-495B-B516-5571F01E3B0A", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:12.3:r6:*:*:*:*:*:*", "matchCriteriaId": "05E187F6-BACD-4DD5-B393-B2FE4349053A", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:12.3:r7:*:*:*:*:*:*", "matchCriteriaId": "3C240840-A6BC-4E3D-A60D-22F08E67E2B2", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:12.3:r8:*:*:*:*:*:*", "matchCriteriaId": "CC90563F-6BCB-4D77-8FD4-584E3A6C7741", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:12.3:r9:*:*:*:*:*:*", "matchCriteriaId": "5AD03BA7-D9EC-420F-97C4-383F79D6873F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos:14.1x53:*:*:*:*:*:*:*", "matchCriteriaId": "9C7FCCC1-B151-465A-8327-26DB5DC074F0", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:14.1x53:d10:*:*:*:*:*:*", "matchCriteriaId": "09771B8F-8B2A-4E8B-B4D3-80677697FCF3", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:14.1x53:d15:*:*:*:*:*:*", "matchCriteriaId": "55E2F909-E1CC-45AA-ABA9-58178B751808", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:14.1x53:d16:*:*:*:*:*:*", "matchCriteriaId": "E1AA12C5-4520-4F79-80BE-66112F7AFC2A", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:14.1x53:d25:*:*:*:*:*:*", "matchCriteriaId": "807C8110-5CC2-45F0-B094-BBF9C0B63BDD", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:14.1x53:d26:*:*:*:*:*:*", "matchCriteriaId": "547E5737-D385-49B9-A69F-A3B185A34116", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:14.1x53:d27:*:*:*:*:*:*", "matchCriteriaId": "2ED257ED-A56B-48A6-8568-65F36FFFC753", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:14.1x53:d35:*:*:*:*:*:*", "matchCriteriaId": "AAE14AE1-6756-4831-A8D5-A6D07DB24AF2", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:14.1x53:d50:*:*:*:*:*:*", "matchCriteriaId": "A47ABEA1-BEA0-44E9-B75B-B311CF7E88F3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A remote, unauthenticated attacker may be able to execute code by exploiting a use-after-free defect found in older versions of PHP through injection of crafted data via specific PHP URLs within the context of the J-Web process. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D67; 12.3 versions prior to 12.3R12-S5; 12.3X48 versions prior to 12.3X48-D35; 14.1 versions prior to 14.1R8-S5, 14.1R9; 14.1X53 versions prior to 14.1X53-D44, 14.1X53-D50; 14.2 versions prior to 14.2R7-S7, 14.2R8; 15.1 versions prior to 15.1R3; 15.1X49 versions prior to 15.1X49-D30; 15.1X53 versions prior to 15.1X53-D70."}, {"lang": "es", "value": "Un atacante remoto no autenticado podr\u00eda ejecutar c\u00f3digo explotando un defecto de uso de memoria previamente liberada en versiones antiguas de PHP mediante la inyecci\u00f3n de datos manipulados a trav\u00e9s de URL PHP espec\u00edficas en el contexto del proceso J-Web. Las distribuciones afectadas son Juniper Networks Junos OS: 12.1X46 anterior a 12.1X46-D67; 12.3 anterior a 12.3R12-S5; 12.3X48 anterior a 12.3X48-D35; 14.1 anterior a 14.1R8-S5, 14.1R9; 14.1X53 anterior a 14.1X53-D44, 14.1X53-D50; 14.2 anterior a 14.2R7-S7, 14.2R8; 15.1 anterior a 15.1R3; 15.1X49 anterior a 15.1X49-D30; 15.1X53 anterior a 15.1X53-D70."}], "id": "CVE-2018-0001", "lastModified": "2024-11-21T03:37:19.780", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "sirt@juniper.net", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-01-10T22:29:00.930", "references": [{"source": "sirt@juniper.net", "url": "http://www.securityfocus.com/bid/103092"}, {"source": "sirt@juniper.net", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1040180"}, {"source": "sirt@juniper.net", "tags": ["Mitigation", "Patch", "Vendor Advisory"], "url": "https://kb.juniper.net/JSA10828"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/103092"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1040180"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Patch", "Vendor Advisory"], "url": "https://kb.juniper.net/JSA10828"}], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}