CVE-2018-0001

A remote, unauthenticated attacker may be able to execute code by exploiting a use-after-free defect found in older versions of PHP through injection of crafted data via specific PHP URLs within the context of the J-Web process. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D67; 12.3 versions prior to 12.3R12-S5; 12.3X48 versions prior to 12.3X48-D35; 14.1 versions prior to 14.1R8-S5, 14.1R9; 14.1X53 versions prior to 14.1X53-D44, 14.1X53-D50; 14.2 versions prior to 14.2R7-S7, 14.2R8; 15.1 versions prior to 15.1R3; 15.1X49 versions prior to 15.1X49-D30; 15.1X53 versions prior to 15.1X53-D70.
Severity: CRITICAL
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
Base Score: CVSS 3.x
EPSS Score percentile: 93%

Vulnerable software versions:

Vendor   Product  Version
juniper  junos    12.1x46
juniper  junos    12.3x48
juniper  junos    15.1x49
juniper  junos    15.1x53
juniper  junos    14.1
juniper  junos    14.2
juniper  junos    15.1
juniper  junos    12.3
juniper  junos    14.1x53