← Back

CVE-2018-0024

nvd nist
Published: Jul 11, 2018Modified: Nov 21, 2024

JSON object

Loading...
7.8
Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

An Improper Privilege Management vulnerability in a shell session of Juniper Networks Junos OS allows an authenticated unprivileged attacker to gain full control of the system. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D45 on SRX Series; 12.3X48 versions prior to 12.3X48-D20 on SRX Series; 12.3 versions prior to 12.3R11 on EX Series; 14.1X53 versions prior to 14.1X53-D30 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100;; 15.1X49 versions prior to 15.1X49-D20 on SRX Series.

Affected (31)

Products: Juniper: Junos
Juniper
1 product
Junos
Configuration A
8 vulnerable
Vulnerable SoftwareAffected Versions
Juniper
Junos
Version 12.1x46
Junos
Version 12.1x46 d10
Junos
Version 12.1x46 d15
Junos
Version 12.1x46 d20
Junos
Version 12.1x46 d25
Junos
Version 12.1x46 d30
Junos
Version 12.1x46 d35
Junos
Version 12.1x46 d40
Configuration B
3 vulnerable
Vulnerable SoftwareAffected Versions
Juniper
Junos
Version 12.3x48
Junos
Version 12.3x48 d10
Junos
Version 12.3x48 d15
Configuration C
11 vulnerable · 9 platform
Vulnerable SoftwareAffected Versions
Juniper
Junos
Version 12.3
Junos
Version 12.3 r10
Junos
Version 12.3 r1
Junos
Version 12.3 r2
Junos
Version 12.3 r3
Junos
Version 12.3 r4
Junos
Version 12.3 r5
Junos
Version 12.3 r6
Junos
Version 12.3 r7
Junos
Version 12.3 r8
Junos
Version 12.3 r9
Running on/withPlatform Versions
Juniper
Ex2200
All versions
Juniper
Ex2200 C
All versions
Juniper
Ex2300
All versions
Juniper
Ex2300 C
All versions
Juniper
Ex3300
All versions
Juniper
Ex3400
All versions
Juniper
Ex4550
All versions
Juniper
Ex9200
All versions
Juniper
Ex Rps
All versions
Configuration D
7 vulnerable · 12 platform
Vulnerable SoftwareAffected Versions
Juniper
Junos
Version 14.1x53
Junos
Version 14.1x53 d10
Junos
Version 14.1x53 d15
Junos
Version 14.1x53 d16
Junos
Version 14.1x53 d25
Junos
Version 14.1x53 d26
Junos
Version 14.1x53 d27
Running on/withPlatform Versions
Juniper
Ex2200/vc
All versions
Juniper
Ex3200
All versions
Juniper
Ex3300/vc
All versions
Juniper
Ex4200
All versions
Juniper
Ex4300
All versions
Juniper
Ex4550/vc
All versions
Juniper
Ex4600
All versions
Juniper
Ex6200
All versions
Juniper
Ex8200/vc (xre)
All versions
Juniper
Qfx3500
All versions
Juniper
Qfx3600
All versions
Juniper
Qfx5100
All versions
Configuration E
2 vulnerable · 20 platform
Vulnerable SoftwareAffected Versions
Juniper
Junos
Version 15.1x49
Junos
Version 15.1x49 d10
Running on/withPlatform Versions
Juniper
Srx100
All versions
Juniper
Srx110
All versions
Juniper
Srx1400
All versions
Juniper
Srx1500
All versions
Juniper
Srx210
All versions
Juniper
Srx220
All versions
Juniper
Srx240
All versions
Juniper
Srx300
All versions
Juniper
Srx320
All versions
Juniper
Srx340
All versions
Juniper
Srx3400
All versions
Juniper
Srx345
All versions
Juniper
Srx3600
All versions
Juniper
Srx4100
All versions
Juniper
Srx4200
All versions
Juniper
Srx5400
All versions
Juniper
Srx550
All versions
Juniper
Srx5600
All versions
Juniper
Srx5800
All versions
Juniper
Srx650
All versions

Related CWEs

CWE-269
Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (6)

Source: sirt@juniper.net
Third Party AdvisoryVDB Entry
Source: sirt@juniper.net
Third Party AdvisoryVDB Entry
Source: sirt@juniper.net
MitigationVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
MitigationVendor Advisory

Timeline

No history available yet.