CVE-2018-0052 — Improper Authentication in Networks Junos OS

CWE-287 — Improper Authentication5 documents4 sources

Severity

8.1HIGHNVD

EPSS

8.9%

top 7.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Junos Juniper EX Series +3 more

Timeline

PublishedOct 10

Latest updateMay 13

Description

If RSH service is enabled on Junos OS and if the PAM authentication is disabled, a remote unauthenticated attacker can obtain root access to the device. RSH service is disabled by default on Junos. There is no documented CLI command to enable this service. However, an undocumented CLI command allows a privileged Junos user to enable RSH service and disable PAM, and hence expose the system to unauthenticated root access. When RSH is enabled, the device is listing to RSH connections on port 514. T…

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages6 packages

▶juniperjuniper/ex_series

▶juniperjuniper/qfx_series

▶juniperjuniper/srx_series

▶CVEListV5juniper_networks/junos_os12.1X46 — 12.1X46-D77+17

▶NVDjuniper/junos15 versions+14

🔴Vulnerability Details

GHSA

GHSA-mm4j-2j55-f9f2: If RSH service is enabled on Junos OS and if the PAM authentication is disabled, a remote unauthenticated attacker can obtain root access to the devic↗2022-05-13

▶

📋Vendor Advisories

Juniper

CVE-2018-0052: If RSH service is enabled on Junos OS and if the PAM authentication is disabled, a remote unauthenticated attacker can obtain root access to the devic↗2018-10-10

▶

💬Community

Bugzilla

CVE-2018-11218 redis: Heap corruption in lua_cmsgpack.c↗2018-06-12

▶

Bugzilla

CVE-2018-11219 redis: Integer overflow in lua_struct.c:b_unpack()↗2018-06-12

▶