CVE-2018-0062 - Vulnerability Details

A Denial of Service vulnerability in J-Web service may allow a remote unauthenticated user to cause Denial of Service which may prevent other users to authenticate or to perform J-Web operations. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D77 on SRX Series; 12.3 versions prior to 12.3R12-S10; 12.3X48 versions prior to 12.3X48-D60 on SRX Series; 15.1 versions prior to 15.1R7; 15.1F6; 15.1X49 versions prior to 15.1X49-D120 on SRX Series; 15.1X53 versions prior to 15.1X53-D59 on EX2300/EX3400 Series; 15.1X53 versions prior to 15.1X53-D67 on QFX10K Series; 15.1X53 versions prior to 15.1X53-D234 on QFX5200/QFX5110 Series; 15.1X53 versions prior to 15.1X53-D470, 15.1X53-D495 on NFX Series; 16.1 versions prior to 16.1R6; 16.2 versions prior to 16.2R2-S6, 16.2R3; 17.1 versions prior to 17.1R2-S6, 17.1R3; 17.2 versions prior to 17.2R3; 17.3 versions prior to 17.3R2. No other Juniper Networks products or platforms are affected by this issue.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00488.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Juniper Networks

Junos OS

affected

Version	Status	Constraints
`12.1X46`	affected	< 12.1X46-D77
`12.3X48`	affected	< 12.3X48-D60
`15.1X49`	affected	< 15.1X49-D120

Juniper Networks

Junos OS

affected

Version	Status	Constraints
`15.1F6`	affected	—
`12.3`	affected	< 12.3R12-S10
`15.1`	affected	< 15.1R7
`16.1`	affected	< 16.1R6
`16.2`	affected	< 16.2R2-S6, 16.2R3
`17.1`	affected	< 17.1R2-S6, 17.1R3
`17.2`	affected	< 17.2R3
`17.3`	affected	< 17.3R2

Juniper Networks

Junos OS

affected

Version	Status	Constraints
`15.1X53`	affected	< 15.1X53-D59

Juniper Networks

Junos OS

affected

Version	Status	Constraints
`15.1X53`	affected	< 15.1X53-D67

Juniper Networks

Junos OS

affected

Version	Status	Constraints
`15.1X53`	affected	< 15.1X53-D234

Juniper Networks

Junos OS

affected

Version	Status	Constraints
`15.1X53`	affected	< 15.1X53-D470, 15.1X53-D495

Configuration 1 [-]

OR	cpe:2.3:o:juniper:junos:12.1x46:::::::*
	cpe:2.3:o:juniper:junos:12.1x46:d10::::::
	cpe:2.3:o:juniper:junos:12.1x46:d15::::::
	cpe:2.3:o:juniper:junos:12.1x46:d20::::::
	cpe:2.3:o:juniper:junos:12.1x46:d25::::::
	cpe:2.3:o:juniper:junos:12.1x46:d30::::::
	cpe:2.3:o:juniper:junos:12.1x46:d35::::::
	cpe:2.3:o:juniper:junos:12.1x46:d40::::::
	cpe:2.3:o:juniper:junos:12.1x46:d45::::::
	cpe:2.3:o:juniper:junos:12.1x46:d50::::::
	cpe:2.3:o:juniper:junos:12.1x46:d55::::::
	cpe:2.3:o:juniper:junos:12.1x46:d60::::::
	cpe:2.3:o:juniper:junos:12.1x46:d65::::::

Configuration 2 [-]

OR	cpe:2.3:o:juniper:junos:12.3:::::::*
	cpe:2.3:o:juniper:junos:12.3:r1::::::
	cpe:2.3:o:juniper:junos:12.3:r11::::::
	cpe:2.3:o:juniper:junos:12.3:r2::::::
	cpe:2.3:o:juniper:junos:12.3:r3::::::
	cpe:2.3:o:juniper:junos:12.3:r4::::::
	cpe:2.3:o:juniper:junos:12.3:r5::::::
	cpe:2.3:o:juniper:junos:12.3:r6::::::
	cpe:2.3:o:juniper:junos:12.3:r7::::::
	cpe:2.3:o:juniper:junos:12.3:r8::::::
	cpe:2.3:o:juniper:junos:12.3:r9::::::

Configuration 3 [-]

OR	cpe:2.3:o:juniper:junos:12.3x48:::::::*
	cpe:2.3:o:juniper:junos:12.3x48:d10::::::
	cpe:2.3:o:juniper:junos:12.3x48:d15::::::
	cpe:2.3:o:juniper:junos:12.3x48:d20::::::
	cpe:2.3:o:juniper:junos:12.3x48:d25::::::
	cpe:2.3:o:juniper:junos:12.3x48:d30::::::
	cpe:2.3:o:juniper:junos:12.3x48:d35::::::
	cpe:2.3:o:juniper:junos:12.3x48:d40::::::
	cpe:2.3:o:juniper:junos:12.3x48:d45::::::
	cpe:2.3:o:juniper:junos:12.3x48:d50::::::
	cpe:2.3:o:juniper:junos:12.3x48:d55::::::
	cpe:2.3:o:juniper:junos:12.3x48:d60::::::

Configuration 4 [-]

OR	cpe:2.3:o:juniper:junos:15.1:::::::*
	cpe:2.3:o:juniper:junos:15.1:f2::::::
	cpe:2.3:o:juniper:junos:15.1:f3::::::
	cpe:2.3:o:juniper:junos:15.1:f4::::::
	cpe:2.3:o:juniper:junos:15.1:f5::::::
	cpe:2.3:o:juniper:junos:15.1:f6::::::
	cpe:2.3:o:juniper:junos:15.1:f7::::::
	cpe:2.3:o:juniper:junos:15.1:r1::::::
	cpe:2.3:o:juniper:junos:15.1:r2::::::
	cpe:2.3:o:juniper:junos:15.1:r3::::::
	cpe:2.3:o:juniper:junos:15.1:r4::::::
	cpe:2.3:o:juniper:junos:15.1:r5::::::
	cpe:2.3:o:juniper:junos:15.1:r6::::::

Configuration 5 [-]

OR	cpe:2.3:o:juniper:junos:15.1x49:::::::*
	cpe:2.3:o:juniper:junos:15.1x49:d10::::::
	cpe:2.3:o:juniper:junos:15.1x49:d100::::::
	cpe:2.3:o:juniper:junos:15.1x49:d110::::::
	cpe:2.3:o:juniper:junos:15.1x49:d20::::::
	cpe:2.3:o:juniper:junos:15.1x49:d30::::::
	cpe:2.3:o:juniper:junos:15.1x49:d35::::::
	cpe:2.3:o:juniper:junos:15.1x49:d40::::::
	cpe:2.3:o:juniper:junos:15.1x49:d45::::::
	cpe:2.3:o:juniper:junos:15.1x49:d50::::::
	cpe:2.3:o:juniper:junos:15.1x49:d55::::::
	cpe:2.3:o:juniper:junos:15.1x49:d60::::::
	cpe:2.3:o:juniper:junos:15.1x49:d65::::::
	cpe:2.3:o:juniper:junos:15.1x49:d70::::::
	cpe:2.3:o:juniper:junos:15.1x49:d75::::::
	cpe:2.3:o:juniper:junos:15.1x49:d80::::::
	cpe:2.3:o:juniper:junos:15.1x49:d90::::::

Configuration 6 [-]

AND

OR	cpe:2.3:o:juniper:junos:15.1x53:::::::*
	cpe:2.3:o:juniper:junos:15.1x53:d50::::::
	cpe:2.3:o:juniper:junos:15.1x53:d51::::::
	cpe:2.3:o:juniper:junos:15.1x53:d52::::::
	cpe:2.3:o:juniper:junos:15.1x53:d55::::::
	cpe:2.3:o:juniper:junos:15.1x53:d57::::::
	cpe:2.3:o:juniper:junos:15.1x53:d58::::::

OR	cpe:2.3:h:juniper:ex2300:-:::::::*
	cpe:2.3:h:juniper:ex3400:-:::::::*

Configuration 7 [-]

AND

OR	cpe:2.3:o:juniper:junos:15.1x53:::::::*
	cpe:2.3:o:juniper:junos:15.1x53:d10::::::
	cpe:2.3:o:juniper:junos:15.1x53:d20::::::
	cpe:2.3:o:juniper:junos:15.1x53:d21::::::
	cpe:2.3:o:juniper:junos:15.1x53:d30::::::
	cpe:2.3:o:juniper:junos:15.1x53:d32::::::
	cpe:2.3:o:juniper:junos:15.1x53:d33::::::
	cpe:2.3:o:juniper:junos:15.1x53:d34::::::
	cpe:2.3:o:juniper:junos:15.1x53:d50::::::
	cpe:2.3:o:juniper:junos:15.1x53:d60::::::
	cpe:2.3:o:juniper:junos:15.1x53:d61::::::
	cpe:2.3:o:juniper:junos:15.1x53:d62::::::
	cpe:2.3:o:juniper:junos:15.1x53:d63::::::
	cpe:2.3:o:juniper:junos:15.1x53:d64::::::
	cpe:2.3:o:juniper:junos:15.1x53:d65::::::
	cpe:2.3:o:juniper:junos:15.1x53:d66::::::

cpe:2.3:h:juniper:qfx10000:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

OR	cpe:2.3:o:juniper:junos:15.1x53:::::::*
	cpe:2.3:o:juniper:junos:15.1x53:d210::::::
	cpe:2.3:o:juniper:junos:15.1x53:d230::::::
	cpe:2.3:o:juniper:junos:15.1x53:d231::::::
	cpe:2.3:o:juniper:junos:15.1x53:d232::::::
	cpe:2.3:o:juniper:junos:15.1x53:d30::::::

OR	cpe:2.3:h:juniper:qfx5110:-:::::::*
	cpe:2.3:h:juniper:qfx5200:-:::::::*

Configuration 9 [-]

AND

OR	cpe:2.3:o:juniper:junos:15.1x53:::::::*
	cpe:2.3:o:juniper:junos:15.1x53:d40::::::
	cpe:2.3:o:juniper:junos:15.1x53:d45::::::
	cpe:2.3:o:juniper:junos:15.1x53:d495::::::

cpe:2.3:h:juniper:nfx_series:-:*:*:*:*:*:*:*

Configuration 10 [-]

OR	cpe:2.3:o:juniper:junos:16.1:::::::*
	cpe:2.3:o:juniper:junos:16.1:r1::::::
	cpe:2.3:o:juniper:junos:16.1:r2::::::
	cpe:2.3:o:juniper:junos:16.1:r3::::::
	cpe:2.3:o:juniper:junos:16.1:r4::::::
	cpe:2.3:o:juniper:junos:16.1:r5::::::

Configuration 11 [-]

OR	cpe:2.3:o:juniper:junos:16.2:::::::*
	cpe:2.3:o:juniper:junos:16.2:r1::::::
	cpe:2.3:o:juniper:junos:16.2:r3::::::

Configuration 12 [-]

OR	cpe:2.3:o:juniper:junos:17.1:::::::*
	cpe:2.3:o:juniper:junos:17.1:r1::::::
	cpe:2.3:o:juniper:junos:17.1:r3::::::

Configuration 13 [-]

OR	cpe:2.3:o:juniper:junos:17.2:::::::*
	cpe:2.3:o:juniper:junos:17.2:r1::::::
	cpe:2.3:o:juniper:junos:17.2:r2::::::

Configuration 14 [-]

OR	cpe:2.3:o:juniper:junos:17.3:::::::*
	cpe:2.3:o:juniper:junos:17.3:r1::::::

No data.

Subscriptions

Vendors	Products
Juniper Subscribe	Ex2300 Subscribe Ex3400 Subscribe Junos Subscribe Nfx Series Subscribe Qfx10000 Subscribe Qfx5110 Subscribe Qfx5200 Subscribe

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2018-0886	A Denial of Service vulnerability in J-Web service may allow a remote unauthenticated user to cause Denial of Service which may prevent other users to authenticate or to perform J-Web operations. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D77 on SRX Series; 12.3 versions prior to 12.3R12-S10; 12.3X48 versions prior to 12.3X48-D60 on SRX Series; 15.1 versions prior to 15.1R7; 15.1F6; 15.1X49 versions prior to 15.1X49-D120 on SRX Series; 15.1X53 versions prior to 15.1X53-D59 on EX2300/EX3400 Series; 15.1X53 versions prior to 15.1X53-D67 on QFX10K Series; 15.1X53 versions prior to 15.1X53-D234 on QFX5200/QFX5110 Series; 15.1X53 versions prior to 15.1X53-D470, 15.1X53-D495 on NFX Series; 16.1 versions prior to 16.1R6; 16.2 versions prior to 16.2R2-S6, 16.2R3; 17.1 versions prior to 17.1R2-S6, 17.1R3; 17.2 versions prior to 17.2R3; 17.3 versions prior to 17.3R2. No other Juniper Networks products or platforms are affected by this issue.

Fixes

Solution

The following software releases have been updated to resolve this specific issue: 12.1X46-D77, 12.3R12-S10,12.3X48-D60, 15.1R7, 15.1X49-D120, 15.1X53-D234, 15.1X53-D470, 15.1X53-D495, 15.1X53-D59, 15.1X53-D67, 16.1R6, 16.2R2-S6, 16.2R3, 17.1R2-S6, 17.1R3, 17.2R3, 17.3R2, 17.4R1 and all subsequent releases.

Workaround

Limit access to J-Web from only trusted hosts, networks and administrators.

References

Link	Providers
http://www.securitytracker.com/id/1041860
https://kb.juniper.net/JSA10897

History

No history.

MITRE

Status: PUBLISHED

Assigner: juniper

Published: 2018-10-10T18:00:00.000Z

Updated: 2024-09-17T00:26:47.423Z

Reserved: 2017-11-16T00:00:00.000Z

Link: CVE-2018-0062

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-10-10T18:29:03.593

Modified: 2024-11-21T03:37:29.403

Link: CVE-2018-0062

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-20

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Subscriptions

Tracking

JSON object

JSON object

JSON object

JSON object

JSON object