CVE-2018-0014

CWE-200Information Exposure4 documents4 sources
Severity
6.5MEDIUM
EPSS
0.1%
top 70.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Juniper Networks ScreenosJuniper Screenos
Timeline
PublishedJan 10
Latest updateMay 13

Description

Juniper Networks ScreenOS devices do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets. This issue is often detected as CVE-2003-0001. The issue affects all versions of Juniper Networks ScreenOS prior to 6.3.0r25.

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

CVEListV5juniper_networks/screenosall6.3.0r25
NVDjuniper/screenos25 versions+24

🔴Vulnerability Details

2
GHSA
GHSA-xgmx-gwqj-mmc5: Juniper Networks ScreenOS devices do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from pr2022-05-13
CVEList
ScreenOS: Etherleak vulnerability found on ScreenOS device2018-01-10

📋Vendor Advisories

1
Juniper
CVE-2018-0014: Juniper Networks ScreenOS devices do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from pr2018-01-10
CVE-2018-0014 (MEDIUM CVSS 6.5) | Juniper Networks ScreenOS devices d | cvebase.io