CVE-2018-0018 - Vulnerability Details

Vendors	Products
Juniper	Junos Srx100 Srx110 Srx1400 Srx1500 Srx210 Srx220 Srx240 Srx300 Srx320 Srx340 Srx3400 Srx345 Srx3600 Srx4100 Srx4200 Srx5400 Srx550 Srx5600 Srx5800 Srx650

Source	ID	Title
EUVD	EUVD-2018-0843	On SRX Series devices during compilation of IDP policies, an attacker sending specially crafted packets may be able to bypass firewall rules, leading to information disclosure which an attacker may use to gain control of the target device or other internal devices, systems or services protected by the SRX Series device. This issue only applies to devices where IDP policies are applied to one or more rules. Customers not using IDP policies are not affected. Depending on if the IDP updates are automatic or not, as well as the interval between available updates, an attacker may have more or less success in performing reconnaissance or bypass attacks on the victim SRX Series device or protected devices. ScreenOS with IDP is not vulnerable to this issue. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D60 on SRX; 12.3X48 versions prior to 12.3X48-D35 on SRX; 15.1X49 versions prior to 15.1X49-D60 on SRX.

Link	Providers
http://www.securityfocus.com/bid/103748
http://www.securitytracker.com/id/1040786
https://kb.juniper.net/JSA10846

{"containers": {"cna": {"affected": [{"platforms": ["SRX"], "product": "Junos OS", "vendor": "Juniper Networks", "versions": [{"lessThan": "12.1X46-D60", "status": "affected", "version": "12.1X46", "versionType": "custom"}, {"lessThan": "12.3X48-D35", "status": "affected", "version": "12.3X48", "versionType": "custom"}, {"lessThan": "15.1X49-D60", "status": "affected", "version": "15.1X49", "versionType": "custom"}]}], "configurations": [{"lang": "en", "value": "This issue only affects SRX Series devices with IDP configured."}], "credits": [{"lang": "en", "value": "Craig Dods, formerly of IBM Security"}], "datePublic": "2018-04-11T00:00:00", "descriptions": [{"lang": "en", "value": "On SRX Series devices during compilation of IDP policies, an attacker sending specially crafted packets may be able to bypass firewall rules, leading to information disclosure which an attacker may use to gain control of the target device or other internal devices, systems or services protected by the SRX Series device. This issue only applies to devices where IDP policies are applied to one or more rules. Customers not using IDP policies are not affected. Depending on if the IDP updates are automatic or not, as well as the interval between available updates, an attacker may have more or less success in performing reconnaissance or bypass attacks on the victim SRX Series device or protected devices. ScreenOS with IDP is not vulnerable to this issue. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D60 on SRX; 12.3X48 versions prior to 12.3X48-D35 on SRX; 15.1X49 versions prior to 15.1X49-D60 on SRX."}], "exploits": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Information disclosure\nfirewall bypass\nprotocol manipulation\nfirewall rule evasion", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-05-05T09:57:01", "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://kb.juniper.net/JSA10846"}, {"name": "1040786", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1040786"}, {"name": "103748", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/103748"}], "solutions": [{"lang": "en", "value": "The following software releases have been updated to resolve this specific issue: 12.1X46-D60, 12.3X48-D35, 15.1X49-D60, 17.3R1, and all subsequent releases. \n\nAdditionally, customers should download and apply the latest sigpack for IDP signatures."}], "source": {"advisory": "JSA10846", "defect": ["1151743"], "discovery": "INTERNAL"}, "title": "SRX Series: A crafted packet may lead to information disclosure and firewall rule bypass during compilation of IDP policies.", "workarounds": [{"lang": "en", "value": "Customers using cluster configurations may break the cluster configuration, disable traffic on one node, update the IDP policy, reintroduce this updated node as a standalone device, directing all traffic to it, instead of the current standalone, and then do the same with the secondary node, and then reintroduce cluster configuration to both devices. For this workaround to be most effective, customers should disable automatic updates and manually download IDP signature updates.\n\nAlternately, cluster customers using load balancers may break cluster, run individual side-by-side configurations, off load all traffic from one node via load balancers to another node, then update the IDP policy manually on the idle node, lastly, flip flop this operation, and then return to side-by-side or cluster mode operation.\n\nCustomers unable to utilize similar design scenarios as workarounds such as the above should instead take fixes where available."}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "sirt@juniper.net", "DATE_PUBLIC": "2018-04-11T16:00:00.000Z", "ID": "CVE-2018-0018", "STATE": "PUBLIC", "TITLE": "SRX Series: A crafted packet may lead to information disclosure and firewall rule bypass during compilation of IDP policies."}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Junos OS", "version": {"version_data": [{"affected": "<", "platform": "SRX", "version_affected": "<", "version_name": "12.1X46", "version_value": "12.1X46-D60"}, {"affected": "<", "platform": "SRX", "version_affected": "<", "version_name": "12.3X48", "version_value": "12.3X48-D35"}, {"affected": "<", "platform": "SRX", "version_affected": "<", "version_name": "15.1X49", "version_value": "15.1X49-D60"}]}}]}, "vendor_name": "Juniper Networks"}]}}, "configuration": [{"lang": "en", "value": "This issue only affects SRX Series devices with IDP configured."}], "credit": [{"lang": "eng", "value": "Craig Dods, formerly of IBM Security"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "On SRX Series devices during compilation of IDP policies, an attacker sending specially crafted packets may be able to bypass firewall rules, leading to information disclosure which an attacker may use to gain control of the target device or other internal devices, systems or services protected by the SRX Series device. This issue only applies to devices where IDP policies are applied to one or more rules. Customers not using IDP policies are not affected. Depending on if the IDP updates are automatic or not, as well as the interval between available updates, an attacker may have more or less success in performing reconnaissance or bypass attacks on the victim SRX Series device or protected devices. ScreenOS with IDP is not vulnerable to this issue. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D60 on SRX; 12.3X48 versions prior to 12.3X48-D35 on SRX; 15.1X49 versions prior to 15.1X49-D60 on SRX."}]}, "exploit": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information disclosure\nfirewall bypass\nprotocol manipulation\nfirewall rule evasion"}]}]}, "references": {"reference_data": [{"name": "https://kb.juniper.net/JSA10846", "refsource": "CONFIRM", "url": "https://kb.juniper.net/JSA10846"}, {"name": "1040786", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040786"}, {"name": "103748", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103748"}]}, "solution": [{"lang": "en", "value": "The following software releases have been updated to resolve this specific issue: 12.1X46-D60, 12.3X48-D35, 15.1X49-D60, 17.3R1, and all subsequent releases. \n\nAdditionally, customers should download and apply the latest sigpack for IDP signatures."}], "source": {"advisory": "JSA10846", "defect": ["1151743"], "discovery": "INTERNAL"}, "work_around": [{"lang": "en", "value": "Customers using cluster configurations may break the cluster configuration, disable traffic on one node, update the IDP policy, reintroduce this updated node as a standalone device, directing all traffic to it, instead of the current standalone, and then do the same with the secondary node, and then reintroduce cluster configuration to both devices. For this workaround to be most effective, customers should disable automatic updates and manually download IDP signature updates.\n\nAlternately, cluster customers using load balancers may break cluster, run individual side-by-side configurations, off load all traffic from one node via load balancers to another node, then update the IDP policy manually on the idle node, lastly, flip flop this operation, and then return to side-by-side or cluster mode operation.\n\nCustomers unable to utilize similar design scenarios as workarounds such as the above should instead take fixes where available."}]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T03:14:16.259Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://kb.juniper.net/JSA10846"}, {"name": "1040786", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1040786"}, {"name": "103748", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/103748"}]}]}, "cveMetadata": {"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "cveId": "CVE-2018-0018", "datePublished": "2018-04-11T19:00:00Z", "dateReserved": "2017-11-16T00:00:00", "dateUpdated": "2024-09-17T01:31:59.467Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos:12.1x46:*:*:*:*:*:*:*", "matchCriteriaId": "CFB89F64-16BB-4A14-9084-B338668D7FF1", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:12.1x46:d10:*:*:*:*:*:*", "matchCriteriaId": "A71742CF-50B1-44BB-AB7B-27E5DCC9CF70", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:12.1x46:d15:*:*:*:*:*:*", "matchCriteriaId": "4FD4237A-C257-4D8A-ABC4-9B2160530A4E", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:12.1x46:d20:*:*:*:*:*:*", "matchCriteriaId": "5A449C87-C5C3-48FE-9E46-64ED5DD5F193", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:12.1x46:d25:*:*:*:*:*:*", "matchCriteriaId": "F4B6215F-76BF-473F-B325-0975B0EB101E", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:12.1x46:d30:*:*:*:*:*:*", "matchCriteriaId": "A1C4A10C-49A3-4103-9E56-F881113BC5D7", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:12.1x46:d35:*:*:*:*:*:*", "matchCriteriaId": "50E7FD07-A309-48EC-A520-C7F0FA35865C", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:12.1x46:d40:*:*:*:*:*:*", "matchCriteriaId": "F868948A-04D7-473B-971F-721302653633", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:12.1x46:d45:*:*:*:*:*:*", "matchCriteriaId": "830A9EBA-88F1-4277-B98F-75AC52A60824", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:12.1x46:d50:*:*:*:*:*:*", "matchCriteriaId": "BFA2ADAB-E486-4DBB-8B84-CC095D102278", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:12.1x46:d55:*:*:*:*:*:*", "matchCriteriaId": "9ACD0C03-ACD9-4D47-B3EE-1D8753FF5A83", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:juniper:srx100:-:*:*:*:*:*:*:*", "matchCriteriaId": "561C1113-3D59-4DD9-ADA7-3C9ECC4632EC", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx110:-:*:*:*:*:*:*:*", "matchCriteriaId": "78C6D8A0-92D3-4FD3-BCC1-CC7C87B76317", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx1400:-:*:*:*:*:*:*:*", "matchCriteriaId": "927EAB8B-EC3B-4B12-85B9-5517EBA49A30", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx1500:-:*:*:*:*:*:*:*", "matchCriteriaId": "2CEBF85C-736A-4E7D-956A-3E8210D4F70B", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx210:-:*:*:*:*:*:*:*", "matchCriteriaId": "CD647C15-A686-4C8F-A766-BC29404C0FED", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx220:-:*:*:*:*:*:*:*", "matchCriteriaId": "45AB1622-1AED-4CD7-98F1-67779CDFC321", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx240:-:*:*:*:*:*:*:*", "matchCriteriaId": "89276D88-3B8D-4168-A2CD-0920297485F2", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx300:-:*:*:*:*:*:*:*", "matchCriteriaId": "BB5AB24B-2B43-43DD-AE10-F758B4B19F2A", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx320:-:*:*:*:*:*:*:*", "matchCriteriaId": "80F9DC32-5ADF-4430-B1A6-357D0B29DB78", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx340:-:*:*:*:*:*:*:*", "matchCriteriaId": "8B82D4C4-7A65-409A-926F-33C054DCBFBA", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx3400:-:*:*:*:*:*:*:*", "matchCriteriaId": "746C3882-2A5B-4215-B259-EB1FD60C513D", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx345:-:*:*:*:*:*:*:*", "matchCriteriaId": "CE535749-F4CE-4FFA-B23D-BF09C92481E5", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx3600:-:*:*:*:*:*:*:*", "matchCriteriaId": "DDE64EC0-7E42-43AF-A8FA-1A233BD3E3BC", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx4100:-:*:*:*:*:*:*:*", "matchCriteriaId": "3AA8999C-8AE4-416F-BA2A-B1A21F33B4D7", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx4200:-:*:*:*:*:*:*:*", "matchCriteriaId": "CCC5F6F5-4347-49D3-909A-27A3A96D36C9", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx5400:-:*:*:*:*:*:*:*", "matchCriteriaId": "2FDDC897-747F-44DD-9599-7266F9B5B7B1", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx550:-:*:*:*:*:*:*:*", "matchCriteriaId": "62FC145A-D477-4C86-89E7-F70F52773801", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx5600:-:*:*:*:*:*:*:*", "matchCriteriaId": "68CA098D-CBE4-4E62-9EC0-43E1B6098710", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx5800:-:*:*:*:*:*:*:*", "matchCriteriaId": "66F474D4-79B6-4525-983C-9A9011BD958B", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx650:-:*:*:*:*:*:*:*", "matchCriteriaId": "8AA424D4-4DBF-4E8C-96B8-E37741B5403E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos:12.3x48:*:*:*:*:*:*:*", "matchCriteriaId": "7192552C-7D4A-4D95-BA79-CDF465E27D37", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:12.3x48:d10:*:*:*:*:*:*", "matchCriteriaId": "4B7066A4-CD05-4E1A-89E8-71B4CB92CFF3", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:12.3x48:d15:*:*:*:*:*:*", "matchCriteriaId": "A4AC2E1E-74FB-4DA3-8292-B2079F83FF54", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:12.3x48:d20:*:*:*:*:*:*", "matchCriteriaId": "5FF83BD0-3B28-481E-8C8F-09ECDA493DA4", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:12.3x48:d25:*:*:*:*:*:*", "matchCriteriaId": "6E296274-AFC1-4F56-A4B3-827C2E0BC9D5", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:12.3x48:d30:*:*:*:*:*:*", "matchCriteriaId": "3C82799B-BD25-4359-9E3D-4D7CA7367525", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:juniper:srx100:-:*:*:*:*:*:*:*", "matchCriteriaId": "561C1113-3D59-4DD9-ADA7-3C9ECC4632EC", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx110:-:*:*:*:*:*:*:*", "matchCriteriaId": "78C6D8A0-92D3-4FD3-BCC1-CC7C87B76317", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx1400:-:*:*:*:*:*:*:*", "matchCriteriaId": "927EAB8B-EC3B-4B12-85B9-5517EBA49A30", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx1500:-:*:*:*:*:*:*:*", "matchCriteriaId": "2CEBF85C-736A-4E7D-956A-3E8210D4F70B", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx210:-:*:*:*:*:*:*:*", "matchCriteriaId": "CD647C15-A686-4C8F-A766-BC29404C0FED", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx220:-:*:*:*:*:*:*:*", "matchCriteriaId": "45AB1622-1AED-4CD7-98F1-67779CDFC321", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx240:-:*:*:*:*:*:*:*", "matchCriteriaId": "89276D88-3B8D-4168-A2CD-0920297485F2", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx300:-:*:*:*:*:*:*:*", "matchCriteriaId": "BB5AB24B-2B43-43DD-AE10-F758B4B19F2A", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx320:-:*:*:*:*:*:*:*", "matchCriteriaId": "80F9DC32-5ADF-4430-B1A6-357D0B29DB78", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx340:-:*:*:*:*:*:*:*", "matchCriteriaId": "8B82D4C4-7A65-409A-926F-33C054DCBFBA", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx3400:-:*:*:*:*:*:*:*", "matchCriteriaId": "746C3882-2A5B-4215-B259-EB1FD60C513D", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx345:-:*:*:*:*:*:*:*", "matchCriteriaId": "CE535749-F4CE-4FFA-B23D-BF09C92481E5", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx3600:-:*:*:*:*:*:*:*", "matchCriteriaId": "DDE64EC0-7E42-43AF-A8FA-1A233BD3E3BC", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx4100:-:*:*:*:*:*:*:*", "matchCriteriaId": "3AA8999C-8AE4-416F-BA2A-B1A21F33B4D7", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx4200:-:*:*:*:*:*:*:*", "matchCriteriaId": "CCC5F6F5-4347-49D3-909A-27A3A96D36C9", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx5400:-:*:*:*:*:*:*:*", "matchCriteriaId": "2FDDC897-747F-44DD-9599-7266F9B5B7B1", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx550:-:*:*:*:*:*:*:*", "matchCriteriaId": "62FC145A-D477-4C86-89E7-F70F52773801", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx5600:-:*:*:*:*:*:*:*", "matchCriteriaId": "68CA098D-CBE4-4E62-9EC0-43E1B6098710", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx5800:-:*:*:*:*:*:*:*", "matchCriteriaId": "66F474D4-79B6-4525-983C-9A9011BD958B", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx650:-:*:*:*:*:*:*:*", "matchCriteriaId": "8AA424D4-4DBF-4E8C-96B8-E37741B5403E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos:15.1x49:*:*:*:*:*:*:*", "matchCriteriaId": "20DABA6A-FA7A-4289-8C6A-2B93689A5440", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:15.1x49:d10:*:*:*:*:*:*", "matchCriteriaId": "D90D8985-34EF-44CC-A9A7-CB0FD22676F2", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:15.1x49:d20:*:*:*:*:*:*", "matchCriteriaId": "18468579-0195-4DDE-BAA5-4BE4068F3A69", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:15.1x49:d30:*:*:*:*:*:*", "matchCriteriaId": "0E5FAA97-171F-4DB9-B78E-6E1A5F34336A", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:15.1x49:d35:*:*:*:*:*:*", "matchCriteriaId": "870244F3-1C05-4F10-A205-5189BB860F46", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:15.1x49:d40:*:*:*:*:*:*", "matchCriteriaId": "235EE40B-AA15-4F39-8087-A051F4F70995", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:15.1x49:d45:*:*:*:*:*:*", "matchCriteriaId": "17330544-3AFC-463E-A146-2840A8AE17D2", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:15.1x49:d50:*:*:*:*:*:*", "matchCriteriaId": "8ABA301F-7866-42A5-8391-E07BEAFF06FA", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:juniper:srx100:-:*:*:*:*:*:*:*", "matchCriteriaId": "561C1113-3D59-4DD9-ADA7-3C9ECC4632EC", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx110:-:*:*:*:*:*:*:*", "matchCriteriaId": "78C6D8A0-92D3-4FD3-BCC1-CC7C87B76317", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx1400:-:*:*:*:*:*:*:*", "matchCriteriaId": "927EAB8B-EC3B-4B12-85B9-5517EBA49A30", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx1500:-:*:*:*:*:*:*:*", "matchCriteriaId": "2CEBF85C-736A-4E7D-956A-3E8210D4F70B", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx210:-:*:*:*:*:*:*:*", "matchCriteriaId": "CD647C15-A686-4C8F-A766-BC29404C0FED", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx220:-:*:*:*:*:*:*:*", "matchCriteriaId": "45AB1622-1AED-4CD7-98F1-67779CDFC321", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx240:-:*:*:*:*:*:*:*", "matchCriteriaId": "89276D88-3B8D-4168-A2CD-0920297485F2", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx300:-:*:*:*:*:*:*:*", "matchCriteriaId": "BB5AB24B-2B43-43DD-AE10-F758B4B19F2A", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx320:-:*:*:*:*:*:*:*", "matchCriteriaId": "80F9DC32-5ADF-4430-B1A6-357D0B29DB78", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx340:-:*:*:*:*:*:*:*", "matchCriteriaId": "8B82D4C4-7A65-409A-926F-33C054DCBFBA", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx3400:-:*:*:*:*:*:*:*", "matchCriteriaId": "746C3882-2A5B-4215-B259-EB1FD60C513D", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx345:-:*:*:*:*:*:*:*", "matchCriteriaId": "CE535749-F4CE-4FFA-B23D-BF09C92481E5", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx3600:-:*:*:*:*:*:*:*", "matchCriteriaId": "DDE64EC0-7E42-43AF-A8FA-1A233BD3E3BC", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx4100:-:*:*:*:*:*:*:*", "matchCriteriaId": "3AA8999C-8AE4-416F-BA2A-B1A21F33B4D7", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx4200:-:*:*:*:*:*:*:*", "matchCriteriaId": "CCC5F6F5-4347-49D3-909A-27A3A96D36C9", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx5400:-:*:*:*:*:*:*:*", "matchCriteriaId": "2FDDC897-747F-44DD-9599-7266F9B5B7B1", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx550:-:*:*:*:*:*:*:*", "matchCriteriaId": "62FC145A-D477-4C86-89E7-F70F52773801", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx5600:-:*:*:*:*:*:*:*", "matchCriteriaId": "68CA098D-CBE4-4E62-9EC0-43E1B6098710", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx5800:-:*:*:*:*:*:*:*", "matchCriteriaId": "66F474D4-79B6-4525-983C-9A9011BD958B", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx650:-:*:*:*:*:*:*:*", "matchCriteriaId": "8AA424D4-4DBF-4E8C-96B8-E37741B5403E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "On SRX Series devices during compilation of IDP policies, an attacker sending specially crafted packets may be able to bypass firewall rules, leading to information disclosure which an attacker may use to gain control of the target device or other internal devices, systems or services protected by the SRX Series device. This issue only applies to devices where IDP policies are applied to one or more rules. Customers not using IDP policies are not affected. Depending on if the IDP updates are automatic or not, as well as the interval between available updates, an attacker may have more or less success in performing reconnaissance or bypass attacks on the victim SRX Series device or protected devices. ScreenOS with IDP is not vulnerable to this issue. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D60 on SRX; 12.3X48 versions prior to 12.3X48-D35 on SRX; 15.1X49 versions prior to 15.1X49-D60 on SRX."}, {"lang": "es", "value": "En los dispositivos SRX durante la compilaci\u00f3n de pol\u00edticas IDP, un atacante que env\u00ede paquetes especialmente manipulados podr\u00eda ser capaz de omitir las reglas de firewall, lo que conduce a una divulgaci\u00f3n de informaci\u00f3n que un atacante podr\u00eda usar para obtener el control del dispositivo objetivo o de otros dispositivos, sistemas o servicios internos protegidos por el dispositivo de serie SRX. Este problema solo se aplica a los dispositivos donde las pol\u00edticas IDP se aplican a una o m\u00e1s reglas. Los clientes que no emplean pol\u00edticas IDP no se han visto afectados. Dependiendo de si las actualizaciones de IDP son autom\u00e1ticas o no, as\u00ed como del intervalo entre actualizaciones disponibles, un atacante tendr\u00e1 m\u00e1s o menos \u00e9xito a la hora de realizar ataques de reconocimiento o de omisi\u00f3n sobre el dispositivo serie SRX o los dispositivos protegidos de la v\u00edctima. ScreenOS con IDP no es vulnerable a este problema. Las versiones afectadas son Juniper Networks Junos OS: 12.1X46 anteriores a 12.1X46-D60 en SRX; 12.3X48 anteriores a 12.3X48-D35 en SRX y 15.1X49 anteriores a 15.1X49-D60 en SRX."}], "id": "CVE-2018-0018", "lastModified": "2024-11-21T03:37:22.120", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 4.7, "source": "sirt@juniper.net", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-04-11T19:29:00.387", "references": [{"source": "sirt@juniper.net", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/103748"}, {"source": "sirt@juniper.net", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1040786"}, {"source": "sirt@juniper.net", "tags": ["Mitigation", "Patch", "Vendor Advisory"], "url": "https://kb.juniper.net/JSA10846"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/103748"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1040786"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Patch", "Vendor Advisory"], "url": "https://kb.juniper.net/JSA10846"}], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object