CVE-2018-0024

An Improper Privilege Management vulnerability in a shell session of Juniper Networks Junos OS allows an authenticated unprivileged attacker to gain full control of the system. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D45 on SRX Series; 12.3X48 versions prior to 12.3X48-D20 on SRX Series; 12.3 versions prior to 12.3R11 on EX Series; 14.1X53 versions prior to 14.1X53-D30 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100;; 15.1X49 versions prior to 15.1X49-D20 on SRX Series.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
juniperCNA
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 22%
VendorProductVersion
juniperjunos
12.1x46:x46
juniperjunos
12.1x46:x46
juniperjunos
12.1x46:x46
juniperjunos
12.1x46:x46
juniperjunos
12.1x46:x46
juniperjunos
12.1x46:x46
juniperjunos
12.1x46:x46
juniperjunos
12.1x46:x46
juniperjunos
12.3x48:x48
juniperjunos
12.3x48:x48
juniperjunos
12.3x48:x48
juniperjunos
12.3
juniperjunos
12.3:r1
juniperjunos
12.3:r10
juniperjunos
12.3:r2
juniperjunos
12.3:r3
juniperjunos
12.3:r4
juniperjunos
12.3:r5
juniperjunos
12.3:r6
juniperjunos
12.3:r7
juniperjunos
12.3:r8
juniperjunos
12.3:r9
juniperjunos
14.1x53:x53
juniperjunos
14.1x53:x53
juniperjunos
14.1x53:x53
juniperjunos
14.1x53:x53
juniperjunos
14.1x53:x53
juniperjunos
14.1x53:x53
juniperjunos
14.1x53:x53
juniperjunos
15.1x49:x49
juniperjunos
15.1x49:x49
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/104718
http://www.securitytracker.com/id/1041314
https://kb.juniper.net/JSA10857
http://www.securityfocus.com/bid/104718
http://www.securitytracker.com/id/1041314
https://kb.juniper.net/JSA10857