Vulnerabilities > CVE-2014-3412 - Remote Code Execution vulnerability in Juniper products

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
juniper
critical
nessus
NVD
Published: 2014-05-20
Updated: 2014-05-21

Summary

Unspecified vulnerability in Juniper Junos Space before 13.3R1.8, when the firewall in disabled, allows remote attackers to execute arbitrary commands via unspecified vectors.

Vulnerable Configurations

Part Description Count
Application
Juniper
14
Hardware
Juniper
2

Nessus

NASL familyJunos Local Security Checks
NASL idJUNIPER_SPACE_JSA10626.NASL
descriptionAccording to its self-reported version number, the remote Junos Space version is prior to 13.3R1.8. It is, therefore, affected by a remote command execution vulnerability that exists when the firewall is disabled. This could allow a remote attacker to execute arbitrary commands with root privileges. Note that the firewall is enabled by default on Junos Space.
last seen2020-03-18
modified2014-12-22
plugin id80194
published2014-12-22
reporterThis script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/80194
titleJuniper Junos Space < 13.3R1.8 Arbitrary Command Execution (JSA10626)
code
#TRUSTED ae5ba34b865cd611f9232ec473a0b530f543647d583097262195060d26f2e07c4db938d8213d296d47087b4c98a64e13e725a4524f10fd41df39b76ffbe5728a57b317a05f7c666e52569e5543f44bbd7b969a9ef46f471ae5f3f7ef64b42fc39f69226791667764d1a44c35eeb234843c043aefe19598d42d3aa2b943be2cde085d7caa99bad04248536a0f83a43659b95262f2a586587b572eb90ea81ae2d29b4daf705b5e988b0a2d134a530036a1c252b2b3a51c69208613748d38920f028b93aa611f402f218272c19ecf3f10d56625c35e3ed2b86b16e94858b38b8e7674491d3247f4efa91f01c9e0e048e471344babcce9ffb5d55f24524e087a73ab58cd54f179baca7cddc5bf8cde3f70c775a9421b90496365963188476153e275456fd79a67993c3570466e9f6dc46a0db2d67bd1962c45553652e7b863842e665e4f9e0391e4a4df0165751e8632df1b20d37570fa781c137517583e59324d2f743f952edb793449d960a156efa145d1231507186c88bf0516e6ad1596cf9917a8d665ee7098109bff1cb75b6e2fc3f5429df89c1e9d2eb7a305bd715c64c02d4e700cbe690540feae20762d1266c973acd46c190ab66c7e7140cccbe6f22bf9127c26245e45748410efda0578e78d77a557ca3ddaf558a4e761a622cd8c6eaa9483385ee616097a2c8c6d22a428f8d16976b7b3dbce335ae5cea0e75284e392
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(80194);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2018/08/10");

  script_cve_id("CVE-2014-3412");
  script_bugtraq_id(67454);

  script_name(english:"Juniper Junos Space < 13.3R1.8 Arbitrary Command Execution (JSA10626)");
  script_summary(english:"Checks the version.");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is affected by a remote command execution
vulnerability.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version number, the remote Junos Space
version is prior to 13.3R1.8. It is, therefore, affected by a remote
command execution vulnerability that exists when the firewall is
disabled. This could allow a remote attacker to execute arbitrary
commands with root privileges.

Note that the firewall is enabled by default on Junos Space.");
  script_set_attribute(attribute:"see_also", value:"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10626");
  script_set_attribute(attribute:"solution", value:"Upgrade to Junos Space 13.3R1.8 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/05/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/05/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/12/22");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:juniper:junos_space");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Junos Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Junos_Space/version", "Host/Junos_Space/release");

  exit(0);
}

include("audit.inc");
include("ssh_func.inc");
include("telnet_func.inc");
include("hostlevel_funcs.inc");
include("junos.inc");
include("misc_func.inc");


if(sshlib::get_support_level() >= sshlib::SSH_LIB_SUPPORTS_COMMANDS)
  enable_ssh_wrappers();
else disable_ssh_wrappers();

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/Junos_Space/release");
if (isnull(release) || "Junos Space" >!< release) audit(AUDIT_OS_NOT, "Juniper Junos Space");

ver = get_kb_item_or_exit('Host/Junos_Space/version');
if(_junos_space_ver_compare(ver:ver, fix:'13.3R1.8') >= 0)
  exit(0, 'Junos Space ' + ver + ' is not affected.');

if(report_paranoia < 2)
{
  if ( islocalhost() )
  {
    if ( ! defined_func("pread") ) exit(1, "'pread()' is not defined.");
    info_t = INFO_LOCAL;
  }
  else
  {
    sock_g = ssh_open_connection();
    if (! sock_g) exit(1, "ssh_open_connection() failed.");
    info_t = INFO_SSH;
  }

  cmd = 'service iptables status';
  buf = info_send_cmd(cmd:cmd);

  ssh_close_connection();

  if ("Firewall is not running" >< buf)
    security_report_v4(port:0, extra:get_report(ver:ver, fix:'13.3R1.8'), severity:SECURITY_HOLE);
  else if ("Table: filter" >< buf)
    exit(0, "The firewall is enabled on the remote host.");
  else
    exit(1, "Failed to determine whether the firewall is enabled on the remote host.");
}
else
{
  security_report_v4(port:0, extra:get_report(ver:ver, fix:'13.3R1.8'), severity:SECURITY_HOLE);
}

References