Vulnerabilities > CVE-2018-0005 - Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper Junos 14.1X53/15.1/15.1X53

047910
CVSS 8.8 - HIGH
Attack vector
ADJACENT_NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
low complexity
juniper
CWE-754
nessus

Summary

QFX and EX Series switches configured to drop traffic when the MAC move limit is exceeded will forward traffic instead of dropping traffic. This can lead to denials of services or other unintended conditions. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D40; 15.1X53 versions prior to 15.1X53-D55; 15.1 versions prior to 15.1R7.

Nessus

NASL familyJunos Local Security Checks
NASL idJUNIPER_JSA10833.NASL
descriptionAccording to its self-reported version number, the remote Junos device is affected by a denial of service vulnerability.
last seen2020-06-01
modified2020-06-02
plugin id106390
published2018-01-26
reporterThis script is Copyright (C) 2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/106390
titleJuniper Junos MAC Move Limit Traffic Handling Remote DoS (JSA10833)
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(106390);
  script_version("1.5");
  script_cvs_date("Date: 2018/07/13 15:08:46");

  script_cve_id("CVE-2018-0005");
  script_xref(name:"JSA", value:"JSA10833");

  script_name(english:"Juniper Junos MAC Move Limit Traffic Handling Remote DoS (JSA10833)");
  script_summary(english:"Checks the Junos version and build date.");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version number, the remote Junos device
is affected by a denial of service vulnerability.");
  # https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10833&actp=METADATA
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c57047a3");
  script_set_attribute(attribute:"solution", value:
"Apply the relevant Junos software release referenced in
Juniper advisory JSA10833.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/01/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/01/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/01/26");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:juniper:junos");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Junos Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2018 Tenable Network Security, Inc.");

  script_dependencies("junos_version.nasl");
  script_require_keys("Host/Juniper/JUNOS/Version", "Host/Juniper/model");

  exit(0);
}

include("audit.inc");
include("junos_kb_cmd_func.inc");

ver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version');
model = get_kb_item_or_exit('Host/Juniper/model');

if (model !~ "^QFX" && model !~ "^EX")
  audit(AUDIT_HOST_NOT, 'an affected model');

# Affected:
# 14.1X53 versions prior to 14.1X53-D40
# 15.1X53 versions prior to 15.1X53-D55
# 15.1 versions prior to 15.1R7
fixes = make_array();
fixes['14.1X53'] = '14.1X53-D40';
fixes['15.1X53'] = '15.1X53-D55';
fixes['15.1'] = '15.1R7';

fix = check_junos(ver:ver, fixes:fixes, exit_on_fail:TRUE);

override = FALSE;

junos_report(ver:ver, fix:fix, override:override, severity:SECURITY_HOLE);