Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2019-AVI-500
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.
Solution
Se référer aux bulletins de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
- Produits NFX, Junos OS versions antérieures à 18.2R1, 18.2X75-D5
- Produits CTP, CTPView versions antérieures à 7.3R6
- Produits EX, Junos OS versions antérieures à 12.3R12-S15
- Produits SRX
- Junos OS versions antérieures à 12.3X48-D80, 15.1X49-D120, 15.1X49-D150, 15.1X49-D171, 15.1X49-D180, à partir de la version 18.2R2-S1 et antérieures à 18.2R3, 18.4R2, ainsi que les versions antérieures à 18.2R3, 19.2R1 pour la série SRX 5000
- Junos OS avec J-Web activé versions antérieures à 12.3X48-D85, 15.1X49-D180
- Junos OS avec SIP ALG activé versions antérieures à 12.3X48-D61, 12.3X48-D65, 15.1X49-D130, 17.3R3, 17.4R2
- Produits MX
- Junos OS gamme MX480, MX960, MX2008, MX2010, MX2020 versions antérieures à 18.1R2-S4, 18.1R3-S5, 18.1X75-D10 et ultérieures, versions antérieures à 18.2R1-S5, 18.2R2-S3, 18.2R3, 18.2X75-D50, 18.3R1-S4, 18.3R2, 18.3R3, 18.4R1-S2, 18.4R2
- Junos OS avec DHCPv6 activé versions antérieures à 15.1R7-S5, 16.1R7-S5, 16.2R2-S10, 17.1R3-S1, 17.2R3-S2, 17.3R3-S6, 17.4R2-S5, 17.4R3, 18.1R3-S6, 18.2R2-S4, 18.2R3, 18.2X75-D50, 18.3R1-S5, 18.3R3, 18.4R2, 19.1R1-S2, 19.1R2
- Junos OS avec cartes MS-PIC, MS-MIC ou MS-MPC et activation de NAT et SIP ALG, versions antérieures 16.1R7-S5, 16.2R2-S11, 17.1R3, 17.2R3-S3, 17.3R3-S6, 17.4R2-S8, 17.4R3, 18.1R3-S3, 18.2R3, 18.3R2, 18.4R
- Toutes séries
- Junos OS versions antérieures à 15.1F6-S12, 15.1R7-S2, 15.1X49-D171, 15.1X49-D180, 15.1X53-D235, 15.1X53-D495, 15.1X53-D590, 15.1X53-D496, 15.1X53-D68, 15.1X53-D69, 16.1R3-S10, 16.1R4-S12, 16.1R6-S6, 16.1R7-S2, 16.2R2-S7, 17.1R3, 17.2R1-S7, 17.2R2-S6, 17.2R3, 17.2R3-S1, 17.3R2-S4, 17.3R3, 17.3R3-S4, 17.4R1-S6, 17.4R1-S7, 17.4R2-S3, 17.4R3, 18.1R2-S4, 18.1R3-S1, 18.1X75, 18.2R1-S5, 18.2R2-S2, 18.2R3, 18.3R1-S3, 18.3R2, 18.4R1-S2, 18.4R2
- Junos OS avec J-Web activé versions antérieures à 14.1X53-D51, 15.1F6-S13, 15.1R7-S5, 15.1X53-D238, 16.1R4-S13, 16.1R7-S5, 16.2R2-S10, 17.1R3-S1, 17.2R2-S8, 17.2R3-S3, 17.3R3-S5, 17.4R2-S8, 17.4R3, 18.1R3-S8, 18.2R3, 18.3R3, 18.4R2, 19.1R1-S2, 19.1R2
- Junos OS sur des équipements avec l'option Multi-Chassis Link Aggregation Group (MC-LAG) activée, versions ultérieures à 15.1 et antérieures à 16.1R6-S2, 16.1R7, 16.2R2-S10, 17.1R3
Impacted products
| Vendor | Product | Description |
|---|
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cul\u003e \u003cli\u003eProduits NFX, Junos OS versions ant\u00e9rieures \u00e0 18.2R1, 18.2X75-D5\u003c/li\u003e \u003cli\u003eProduits CTP, CTPView versions ant\u00e9rieures \u00e0 7.3R6\u003c/li\u003e \u003cli\u003eProduits EX, Junos OS versions ant\u00e9rieures \u00e0 12.3R12-S15\u003c/li\u003e \u003cli\u003eProduits SRX \u003cul\u003e \u003cli\u003eJunos OS versions ant\u00e9rieures \u00e0 12.3X48-D80, 15.1X49-D120, 15.1X49-D150, 15.1X49-D171, 15.1X49-D180, \u00e0 partir de la version 18.2R2-S1 et ant\u00e9rieures \u00e0 18.2R3, 18.4R2, ainsi que les versions ant\u00e9rieures \u00e0 18.2R3, 19.2R1 pour la s\u00e9rie SRX 5000\u003c/li\u003e \u003cli\u003eJunos OS avec J-Web activ\u00e9 versions ant\u00e9rieures \u00e0 12.3X48-D85, 15.1X49-D180\u003c/li\u003e \u003cli\u003eJunos OS avec SIP ALG activ\u00e9 versions ant\u00e9rieures \u00e0 12.3X48-D61, 12.3X48-D65, 15.1X49-D130, 17.3R3, 17.4R2\u003c/li\u003e \u003c/ul\u003e \u003c/li\u003e \u003cli\u003eProduits MX \u003cul\u003e \u003cli\u003eJunos OS gamme\u00a0MX480, MX960, MX2008, MX2010, MX2020 versions ant\u00e9rieures \u00e0 18.1R2-S4, 18.1R3-S5, 18.1X75-D10 et ult\u00e9rieures, versions ant\u00e9rieures \u00e0 18.2R1-S5, 18.2R2-S3, 18.2R3, 18.2X75-D50, 18.3R1-S4, 18.3R2, 18.3R3, 18.4R1-S2, 18.4R2\u003c/li\u003e \u003cli\u003eJunos OS avec DHCPv6 activ\u00e9 versions ant\u00e9rieures \u00e0 15.1R7-S5, 16.1R7-S5, 16.2R2-S10, 17.1R3-S1, 17.2R3-S2, 17.3R3-S6, 17.4R2-S5, 17.4R3, 18.1R3-S6, 18.2R2-S4, 18.2R3, 18.2X75-D50, 18.3R1-S5, 18.3R3, 18.4R2, 19.1R1-S2, 19.1R2\u003c/li\u003e \u003cli\u003eJunos OS avec cartes MS-PIC, MS-MIC ou MS-MPC et activation de NAT et SIP ALG, versions ant\u00e9rieures 16.1R7-S5, 16.2R2-S11, 17.1R3, 17.2R3-S3, 17.3R3-S6, 17.4R2-S8, 17.4R3, 18.1R3-S3, 18.2R3, 18.3R2, 18.4R\u003c/li\u003e \u003c/ul\u003e \u003c/li\u003e \u003cli\u003eToutes s\u00e9ries \u003cul\u003e \u003cli\u003eJunos OS versions ant\u00e9rieures \u00e0 15.1F6-S12, 15.1R7-S2,\u00a0 15.1X49-D171, 15.1X49-D180, 15.1X53-D235, 15.1X53-D495, 15.1X53-D590,\u00a0 15.1X53-D496, 15.1X53-D68, 15.1X53-D69, 16.1R3-S10, 16.1R4-S12, 16.1R6-S6, 16.1R7-S2, 16.2R2-S7, 17.1R3, 17.2R1-S7, 17.2R2-S6, 17.2R3, 17.2R3-S1, 17.3R2-S4, 17.3R3, 17.3R3-S4, 17.4R1-S6, 17.4R1-S7, 17.4R2-S3, 17.4R3, 18.1R2-S4, 18.1R3-S1, 18.1X75, 18.2R1-S5, 18.2R2-S2, 18.2R3, 18.3R1-S3, 18.3R2, 18.4R1-S2, 18.4R2\u003c/li\u003e \u003cli\u003eJunos OS avec J-Web activ\u00e9 versions ant\u00e9rieures \u00e0 14.1X53-D51, 15.1F6-S13, 15.1R7-S5, 15.1X53-D238, 16.1R4-S13, 16.1R7-S5, 16.2R2-S10, 17.1R3-S1, 17.2R2-S8, 17.2R3-S3, 17.3R3-S5, 17.4R2-S8, 17.4R3, 18.1R3-S8, 18.2R3, 18.3R3, 18.4R2, 19.1R1-S2, 19.1R2\u003c/li\u003e \u003cli\u003eJunos OS sur des \u00e9quipements avec l\u0027option Multi-Chassis Link Aggregation Group (MC-LAG) activ\u00e9e, versions ult\u00e9rieures \u00e0 15.1 et ant\u00e9rieures \u00e0 16.1R6-S2, 16.1R7, 16.2R2-S10, 17.1R3\u003c/li\u003e \u003c/ul\u003e \u003c/li\u003e \u003c/ul\u003e ",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-0061",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0061"
},
{
"name": "CVE-2019-0054",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0054"
},
{
"name": "CVE-2019-0058",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0058"
},
{
"name": "CVE-2019-0056",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0056"
},
{
"name": "CVE-2019-0062",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0062"
},
{
"name": "CVE-2016-10011",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10011"
},
{
"name": "CVE-2016-10009",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10009"
},
{
"name": "CVE-2019-0057",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0057"
},
{
"name": "CVE-2019-0067",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0067"
},
{
"name": "CVE-2019-0063",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0063"
},
{
"name": "CVE-2019-0064",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0064"
},
{
"name": "CVE-2016-10010",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10010"
},
{
"name": "CVE-2018-20685",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20685"
},
{
"name": "CVE-2016-10012",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10012"
},
{
"name": "CVE-2015-8325",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8325"
},
{
"name": "CVE-2019-0065",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0065"
},
{
"name": "CVE-2019-0059",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0059"
},
{
"name": "CVE-2019-0055",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0055"
},
{
"name": "CVE-2019-0060",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0060"
},
{
"name": "CVE-2019-0066",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0066"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-500",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-10-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nun d\u00e9ni de service \u00e0 distance, un contournement de la politique de\ns\u00e9curit\u00e9 et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10962 du 10 octobre 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10962\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10954 du 10 octobre 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10954\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10953 du 10 octobre 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10953\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10957 du 10 octobre 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10957\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10952 du 10 octobre 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10952\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10965 du 10 octobre 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10965\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10964 du 10 octobre 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10964\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10960 du 10 octobre 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10960\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10963 du 10 octobre 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10963\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10958 du 10 octobre 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10958\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10959 du 10 octobre 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10959\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10966 du 10 octobre 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10966\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10956 du 10 octobre 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10956\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10955 du 10 octobre 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10955\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10961 du 10 octobre 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10961\u0026cat=SIRT_1\u0026actp=LIST"
}
]
}
CVE-2015-8325 (GCVE-0-2015-8325)
Vulnerability from cvelistv5 – Published: 2016-05-01 00:00 – Updated: 2026-05-22 14:29
VLAI
EPSS
Summary
The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable.
Severity
7.8 (High)
CWE
- n/a
Assigner
References
12 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/86187 | vdb-entry |
| http://www.debian.org/security/2016/dsa-3550 | vendor-advisory |
| https://people.canonical.com/~ubuntu-security/cve… | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1328012 | |
| http://rhn.redhat.com/errata/RHSA-2017-0641.html | vendor-advisory |
| http://rhn.redhat.com/errata/RHSA-2016-2588.html | vendor-advisory |
| http://www.securitytracker.com/id/1036487 | vdb-entry |
| https://anongit.mindrot.org/openssh.git/commit/?i… | |
| https://security-tracker.debian.org/tracker/CVE-2… | |
| https://security.gentoo.org/glsa/201612-18 | vendor-advisory |
| https://security.netapp.com/advisory/ntap-2018062… | |
| https://cert-portal.siemens.com/productcert/pdf/s… |
Date Public
2016-04-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:13:32.458Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "86187",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/86187"
},
{
"name": "DSA-3550",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3550"
},
{
"tags": [
"x_transferred"
],
"url": "https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8325.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1328012"
},
{
"name": "RHSA-2017:0641",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0641.html"
},
{
"name": "RHSA-2016:2588",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2588.html"
},
{
"name": "1036487",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036487"
},
{
"tags": [
"x_transferred"
],
"url": "https://anongit.mindrot.org/openssh.git/commit/?id=85bdcd7c92fe7ff133bbc4e10a65c91810f88755"
},
{
"tags": [
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2015-8325"
},
{
"name": "GLSA-201612-18",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201612-18"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20180628-0001/"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2015-8325",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-22T14:28:36.386798Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1262",
"description": "CWE-1262 Improper Access Control for Register Interface",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-22T14:29:32.902Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "86187",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/86187"
},
{
"name": "DSA-3550",
"tags": [
"vendor-advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3550"
},
{
"url": "https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8325.html"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1328012"
},
{
"name": "RHSA-2017:0641",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0641.html"
},
{
"name": "RHSA-2016:2588",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2588.html"
},
{
"name": "1036487",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1036487"
},
{
"url": "https://anongit.mindrot.org/openssh.git/commit/?id=85bdcd7c92fe7ff133bbc4e10a65c91810f88755"
},
{
"url": "https://security-tracker.debian.org/tracker/CVE-2015-8325"
},
{
"name": "GLSA-201612-18",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/201612-18"
},
{
"url": "https://security.netapp.com/advisory/ntap-20180628-0001/"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-8325",
"datePublished": "2016-05-01T00:00:00.000Z",
"dateReserved": "2015-11-24T00:00:00.000Z",
"dateUpdated": "2026-05-22T14:29:32.902Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2016-10009 (GCVE-0-2016-10009)
Vulnerability from cvelistv5 – Published: 2017-01-05 00:00 – Updated: 2025-02-13 16:27
VLAI
EPSS
Summary
Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
20 references
| URL | Tags |
|---|---|
| https://github.com/openbsd/src/commit/9476ce1dd37… | |
| https://www.exploit-db.com/exploits/40963/ | exploit |
| https://security.netapp.com/advisory/ntap-2017113… | |
| http://www.securityfocus.com/bid/94968 | vdb-entry |
| http://www.openwall.com/lists/oss-security/2016/12/19/2 | mailing-list |
| http://www.securitytracker.com/id/1037490 | vdb-entry |
| https://support.hpe.com/hpsc/doc/public/display?d… | |
| https://security.FreeBSD.org/advisories/FreeBSD-S… | vendor-advisory |
| https://usn.ubuntu.com/3538-1/ | vendor-advisory |
| http://www.slackware.com/security/viewer.php?l=sl… | |
| https://access.redhat.com/errata/RHSA-2017:2029 | vendor-advisory |
| http://packetstormsecurity.com/files/140261/OpenS… | |
| https://lists.debian.org/debian-lts-announce/2018… | mailing-list |
| https://www.openssh.com/txt/release-7.4 | |
| https://bugs.chromium.org/p/project-zero/issues/d… | |
| https://cert-portal.siemens.com/productcert/pdf/s… | |
| http://www.openwall.com/lists/oss-security/2023/07/19/9 | mailing-list |
| http://seclists.org/fulldisclosure/2023/Jul/31 | mailing-list |
| http://www.openwall.com/lists/oss-security/2023/07/20/1 | mailing-list |
| http://packetstormsecurity.com/files/173661/OpenS… |
Date Public
2016-12-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:07:31.395Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openbsd/src/commit/9476ce1dd37d3c3218d5640b74c34c65e5f4efe5"
},
{
"name": "40963",
"tags": [
"exploit",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40963/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20171130-0002/"
},
{
"name": "94968",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94968"
},
{
"name": "[oss-security] 20161219 Announce: OpenSSH 7.4 released",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/19/2"
},
{
"name": "1037490",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037490"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03818en_us"
},
{
"name": "FreeBSD-SA-17:01",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:01.openssh.asc"
},
{
"name": "USN-3538-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3538-1/"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.647637"
},
{
"name": "RHSA-2017:2029",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2029"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/140261/OpenSSH-Arbitrary-Library-Loading.html"
},
{
"name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openssh.com/txt/release-7.4"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1009"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
},
{
"name": "[oss-security] 20230719 CVE-2023-38408: Remote Code Execution in OpenSSH\u0027s forwarded ssh-agent",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/07/19/9"
},
{
"name": "20230719 CVE-2023-38408: Remote Code Execution in OpenSSH\u0027s forwarded ssh-agent",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Jul/31"
},
{
"name": "[oss-security] 20230719 Re: CVE-2023-38408: Remote Code Execution in OpenSSH\u0027s forwarded ssh-agent",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/07/20/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-12-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-20T11:06:10.382Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/openbsd/src/commit/9476ce1dd37d3c3218d5640b74c34c65e5f4efe5"
},
{
"name": "40963",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/40963/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20171130-0002/"
},
{
"name": "94968",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/94968"
},
{
"name": "[oss-security] 20161219 Announce: OpenSSH 7.4 released",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/19/2"
},
{
"name": "1037490",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1037490"
},
{
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03818en_us"
},
{
"name": "FreeBSD-SA-17:01",
"tags": [
"vendor-advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:01.openssh.asc"
},
{
"name": "USN-3538-1",
"tags": [
"vendor-advisory"
],
"url": "https://usn.ubuntu.com/3538-1/"
},
{
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.647637"
},
{
"name": "RHSA-2017:2029",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2029"
},
{
"url": "http://packetstormsecurity.com/files/140261/OpenSSH-Arbitrary-Library-Loading.html"
},
{
"name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"
},
{
"url": "https://www.openssh.com/txt/release-7.4"
},
{
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1009"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
},
{
"name": "[oss-security] 20230719 CVE-2023-38408: Remote Code Execution in OpenSSH\u0027s forwarded ssh-agent",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/07/19/9"
},
{
"name": "20230719 CVE-2023-38408: Remote Code Execution in OpenSSH\u0027s forwarded ssh-agent",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2023/Jul/31"
},
{
"name": "[oss-security] 20230719 Re: CVE-2023-38408: Remote Code Execution in OpenSSH\u0027s forwarded ssh-agent",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/07/20/1"
},
{
"url": "http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-10009",
"datePublished": "2017-01-05T00:00:00.000Z",
"dateReserved": "2016-12-19T00:00:00.000Z",
"dateUpdated": "2025-02-13T16:27:14.083Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-10010 (GCVE-0-2016-10010)
Vulnerability from cvelistv5 – Published: 2017-01-05 00:00 – Updated: 2024-08-06 03:07
VLAI
EPSS
Summary
sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
13 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/94972 | vdb-entry |
| https://security.netapp.com/advisory/ntap-2017113… | |
| http://www.openwall.com/lists/oss-security/2016/12/19/2 | mailing-list |
| http://www.securitytracker.com/id/1037490 | vdb-entry |
| https://support.hpe.com/hpsc/doc/public/display?d… | |
| https://security.FreeBSD.org/advisories/FreeBSD-S… | vendor-advisory |
| http://www.slackware.com/security/viewer.php?l=sl… | |
| https://github.com/openbsd/src/commit/c76fac666ea… | |
| https://www.exploit-db.com/exploits/40962/ | exploit |
| https://bugs.chromium.org/p/project-zero/issues/d… | |
| http://packetstormsecurity.com/files/140262/OpenS… | |
| https://www.openssh.com/txt/release-7.4 | |
| https://cert-portal.siemens.com/productcert/pdf/s… |
Date Public
2016-12-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:07:32.015Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "94972",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94972"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20171130-0002/"
},
{
"name": "[oss-security] 20161219 Announce: OpenSSH 7.4 released",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/19/2"
},
{
"name": "1037490",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037490"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03818en_us"
},
{
"name": "FreeBSD-SA-17:01",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:01.openssh.asc"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.647637"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openbsd/src/commit/c76fac666ea038753294f2ac94d310f8adece9ce"
},
{
"name": "40962",
"tags": [
"exploit",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40962/"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1010"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/140262/OpenSSH-Local-Privilege-Escalation.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openssh.com/txt/release-7.4"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-12-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "94972",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/94972"
},
{
"url": "https://security.netapp.com/advisory/ntap-20171130-0002/"
},
{
"name": "[oss-security] 20161219 Announce: OpenSSH 7.4 released",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/19/2"
},
{
"name": "1037490",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1037490"
},
{
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03818en_us"
},
{
"name": "FreeBSD-SA-17:01",
"tags": [
"vendor-advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:01.openssh.asc"
},
{
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.647637"
},
{
"url": "https://github.com/openbsd/src/commit/c76fac666ea038753294f2ac94d310f8adece9ce"
},
{
"name": "40962",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/40962/"
},
{
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1010"
},
{
"url": "http://packetstormsecurity.com/files/140262/OpenSSH-Local-Privilege-Escalation.html"
},
{
"url": "https://www.openssh.com/txt/release-7.4"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-10010",
"datePublished": "2017-01-05T00:00:00.000Z",
"dateReserved": "2016-12-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T03:07:32.015Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-10011 (GCVE-0-2016-10011)
Vulnerability from cvelistv5 – Published: 2017-01-05 00:00 – Updated: 2024-08-06 03:07
VLAI
EPSS
Summary
authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
12 references
| URL | Tags |
|---|---|
| https://security.netapp.com/advisory/ntap-2017113… | |
| http://www.openwall.com/lists/oss-security/2016/12/19/2 | mailing-list |
| http://www.securitytracker.com/id/1037490 | vdb-entry |
| https://github.com/openbsd/src/commit/ac8147a06ed… | |
| https://support.hpe.com/hpsc/doc/public/display?d… | |
| http://www.slackware.com/security/viewer.php?l=sl… | |
| https://access.redhat.com/errata/RHSA-2017:2029 | vendor-advisory |
| https://lists.debian.org/debian-lts-announce/2018… | mailing-list |
| http://www.securityfocus.com/bid/94977 | vdb-entry |
| https://www.openssh.com/txt/release-7.4 | |
| https://cert-portal.siemens.com/productcert/pdf/s… | |
| https://cert-portal.siemens.com/productcert/pdf/s… |
Date Public
2016-12-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:07:32.056Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20171130-0002/"
},
{
"name": "[oss-security] 20161219 Announce: OpenSSH 7.4 released",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/19/2"
},
{
"name": "1037490",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037490"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openbsd/src/commit/ac8147a06ed2e2403fb6b9a0c03e618a9333c0e9"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03818en_us"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.647637"
},
{
"name": "RHSA-2017:2029",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2029"
},
{
"name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"
},
{
"name": "94977",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94977"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openssh.com/txt/release-7.4"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-12-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20171130-0002/"
},
{
"name": "[oss-security] 20161219 Announce: OpenSSH 7.4 released",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/19/2"
},
{
"name": "1037490",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1037490"
},
{
"url": "https://github.com/openbsd/src/commit/ac8147a06ed2e2403fb6b9a0c03e618a9333c0e9"
},
{
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03818en_us"
},
{
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.647637"
},
{
"name": "RHSA-2017:2029",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2029"
},
{
"name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"
},
{
"name": "94977",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/94977"
},
{
"url": "https://www.openssh.com/txt/release-7.4"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-10011",
"datePublished": "2017-01-05T00:00:00.000Z",
"dateReserved": "2016-12-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T03:07:32.056Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-10012 (GCVE-0-2016-10012)
Vulnerability from cvelistv5 – Published: 2017-01-05 00:00 – Updated: 2024-08-06 03:07
VLAI
EPSS
Summary
The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to the m_zback and m_zlib data structures.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
12 references
| URL | Tags |
|---|---|
| https://security.netapp.com/advisory/ntap-2017113… | |
| http://www.openwall.com/lists/oss-security/2016/12/19/2 | mailing-list |
| http://www.securitytracker.com/id/1037490 | vdb-entry |
| https://support.hpe.com/hpsc/doc/public/display?d… | |
| http://www.slackware.com/security/viewer.php?l=sl… | |
| https://access.redhat.com/errata/RHSA-2017:2029 | vendor-advisory |
| https://lists.debian.org/debian-lts-announce/2018… | mailing-list |
| https://www.openssh.com/txt/release-7.4 | |
| http://www.securityfocus.com/bid/94975 | vdb-entry |
| https://github.com/openbsd/src/commit/3095060f479… | |
| https://support.f5.com/csp/article/K62201745?utm_… | |
| https://cert-portal.siemens.com/productcert/pdf/s… |
Date Public
2016-12-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:07:31.930Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20171130-0002/"
},
{
"name": "[oss-security] 20161219 Announce: OpenSSH 7.4 released",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/19/2"
},
{
"name": "1037490",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037490"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03818en_us"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.647637"
},
{
"name": "RHSA-2017:2029",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2029"
},
{
"name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openssh.com/txt/release-7.4"
},
{
"name": "94975",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94975"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openbsd/src/commit/3095060f479b86288e31c79ecbc5131a66bcd2f9"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K62201745?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-12-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to the m_zback and m_zlib data structures."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20171130-0002/"
},
{
"name": "[oss-security] 20161219 Announce: OpenSSH 7.4 released",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/19/2"
},
{
"name": "1037490",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1037490"
},
{
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03818en_us"
},
{
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.647637"
},
{
"name": "RHSA-2017:2029",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2029"
},
{
"name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"
},
{
"url": "https://www.openssh.com/txt/release-7.4"
},
{
"name": "94975",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/94975"
},
{
"url": "https://github.com/openbsd/src/commit/3095060f479b86288e31c79ecbc5131a66bcd2f9"
},
{
"url": "https://support.f5.com/csp/article/K62201745?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-10012",
"datePublished": "2017-01-05T00:00:00.000Z",
"dateReserved": "2016-12-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T03:07:31.930Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-20685 (GCVE-0-2018-20685)
Vulnerability from cvelistv5 – Published: 2019-01-10 00:00 – Updated: 2025-12-17 21:53
VLAI
EPSS
Summary
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.
Severity
5.3 (Medium)
CWE
- n/a
Assigner
References
14 references
| URL | Tags |
|---|---|
| https://www.debian.org/security/2019/dsa-4387 | vendor-advisory |
| https://usn.ubuntu.com/3885-1/ | vendor-advisory |
| https://github.com/openssh/openssh-portable/commi… | |
| https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr… | |
| https://security.netapp.com/advisory/ntap-2019021… | |
| http://www.securityfocus.com/bid/106531 | vdb-entry |
| https://sintonen.fi/advisories/scp-client-multipl… | |
| https://security.gentoo.org/glsa/201903-16 | vendor-advisory |
| https://lists.debian.org/debian-lts-announce/2019… | mailing-list |
| https://www.oracle.com/technetwork/security-advis… | |
| https://www.oracle.com/technetwork/security-advis… | |
| https://access.redhat.com/errata/RHSA-2019:3702 | vendor-advisory |
| https://security.gentoo.org/glsa/202007-53 | vendor-advisory |
| https://cert-portal.siemens.com/productcert/pdf/s… |
Date Public
2019-01-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:05:17.712Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4387",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4387"
},
{
"name": "USN-3885-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3885-1/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2"
},
{
"tags": [
"x_transferred"
],
"url": "https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/scp.c.diff?r1=1.197\u0026r2=1.198\u0026f=h"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190215-0001/"
},
{
"name": "106531",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106531"
},
{
"tags": [
"x_transferred"
],
"url": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt"
},
{
"name": "GLSA-201903-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201903-16"
},
{
"name": "[debian-lts-announce] 20190325 [SECURITY] [DLA 1728-1] openssh security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"name": "RHSA-2019:3702",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3702"
},
{
"name": "GLSA-202007-53",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202007-53"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2018-20685",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-17T21:53:24.729008Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T21:53:56.287Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-01-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-4387",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4387"
},
{
"name": "USN-3885-1",
"tags": [
"vendor-advisory"
],
"url": "https://usn.ubuntu.com/3885-1/"
},
{
"url": "https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2"
},
{
"url": "https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/scp.c.diff?r1=1.197\u0026r2=1.198\u0026f=h"
},
{
"url": "https://security.netapp.com/advisory/ntap-20190215-0001/"
},
{
"name": "106531",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/106531"
},
{
"url": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt"
},
{
"name": "GLSA-201903-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/201903-16"
},
{
"name": "[debian-lts-announce] 20190325 [SECURITY] [DLA 1728-1] openssh security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html"
},
{
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"name": "RHSA-2019:3702",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3702"
},
{
"name": "GLSA-202007-53",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202007-53"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-20685",
"datePublished": "2019-01-10T00:00:00.000Z",
"dateReserved": "2019-01-10T00:00:00.000Z",
"dateUpdated": "2025-12-17T21:53:56.287Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2019-0054 (GCVE-0-2019-0054)
Vulnerability from cvelistv5 – Published: 2019-10-09 19:26 – Updated: 2024-09-17 00:36
VLAI
EPSS
Title
Junos OS: SRX Series: An attacker may be able to perform Man-in-the-Middle (MitM) attacks during app-id signature updates.
Summary
An Improper Certificate Validation weakness in the SRX Series Application Identification (app-id) signature update client of Juniper Networks Junos OS allows an attacker to perform Man-in-the-Middle (MitM) attacks which may compromise the integrity and confidentiality of the device. This issue affects: Juniper Networks Junos OS 15.1X49 versions prior to 15.1X49-D120 on SRX Series devices. No other versions of Junos OS are affected.
Severity
6.8 (Medium)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://kb.juniper.net/JSA10952 | x_refsource_MISC |
| https://www.juniper.net/documentation/en_US/junos… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
15.1X49 , < 15.1X49-D120
(custom)
|
Date Public
2019-10-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:37:07.223Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA10952"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-application-identification-overview.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"SRX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "15.1X49-D120",
"status": "affected",
"version": "15.1X49",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "The following minimum configuration is required:\n services application-identification"
}
],
"datePublic": "2019-10-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An Improper Certificate Validation weakness in the SRX Series Application Identification (app-id) signature update client of Juniper Networks Junos OS allows an attacker to perform Man-in-the-Middle (MitM) attacks which may compromise the integrity and confidentiality of the device. This issue affects: Juniper Networks Junos OS 15.1X49 versions prior to 15.1X49-D120 on SRX Series devices. No other versions of Junos OS are affected."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-300",
"description": "CWE-300 Channel Accessible by Non-Endpoint (\u0027Man-in-the-Middle\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-09T19:26:17.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.juniper.net/JSA10952"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-application-identification-overview.html"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 15.1X49-D120, and all subsequent releases."
}
],
"source": {
"advisory": "JSA10952",
"defect": [
"1291665"
],
"discovery": "INTERNAL"
},
"title": "Junos OS: SRX Series: An attacker may be able to perform Man-in-the-Middle (MitM) attacks during app-id signature updates.",
"workarounds": [
{
"lang": "en",
"value": "Set the following command in the device for affected releases:\n\n set services application-identification download secure-download"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.6"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-10-09T16:00:00.000Z",
"ID": "CVE-2019-0054",
"STATE": "PUBLIC",
"TITLE": "Junos OS: SRX Series: An attacker may be able to perform Man-in-the-Middle (MitM) attacks during app-id signature updates."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "SRX Series",
"version_affected": "\u003c",
"version_name": "15.1X49",
"version_value": "15.1X49-D120"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "The following minimum configuration is required:\n services application-identification"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Improper Certificate Validation weakness in the SRX Series Application Identification (app-id) signature update client of Juniper Networks Junos OS allows an attacker to perform Man-in-the-Middle (MitM) attacks which may compromise the integrity and confidentiality of the device. This issue affects: Juniper Networks Junos OS 15.1X49 versions prior to 15.1X49-D120 on SRX Series devices. No other versions of Junos OS are affected."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295 Improper Certificate Validation"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-300 Channel Accessible by Non-Endpoint (\u0027Man-in-the-Middle\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10952",
"refsource": "MISC",
"url": "https://kb.juniper.net/JSA10952"
},
{
"name": "https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-application-identification-overview.html",
"refsource": "MISC",
"url": "https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-application-identification-overview.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 15.1X49-D120, and all subsequent releases."
}
],
"source": {
"advisory": "JSA10952",
"defect": [
"1291665"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Set the following command in the device for affected releases:\n\n set services application-identification download secure-download"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2019-0054",
"datePublished": "2019-10-09T19:26:17.333Z",
"dateReserved": "2018-10-11T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:36:21.418Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-0055 (GCVE-0-2019-0055)
Vulnerability from cvelistv5 – Published: 2019-10-09 19:26 – Updated: 2024-09-16 22:08
VLAI
EPSS
Title
Junos OS: SRX Series: An attacker may cause flowd to crash by sending certain valid SIP traffic to a device with SIP ALG enabled.
Summary
A vulnerability in the SIP ALG packet processing service of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the device by sending specific types of valid SIP traffic to the device. In this case, the flowd process crashes and generates a core dump while processing SIP ALG traffic. Continued receipt of these valid SIP packets will result in a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: 12.3X48 versions prior to 12.3X48-D61, 12.3X48-D65 on SRX Series; 15.1X49 versions prior to 15.1X49-D130 on SRX Series; 17.3 versions prior to 17.3R3 on SRX Series; 17.4 versions prior to 17.4R2 on SRX Series.
Severity
7.5 (High)
CWE
- CWE-130 - Improper Handling of Length Parameter Inconsistency
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://kb.juniper.net/JSA10953 | x_refsource_MISC |
| https://www.juniper.net/documentation/en_US/junos… | mailing-listx_refsource_MLIST |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
12.3X48 , < 12.3X48-D61, 12.3X48-D65
(custom)
Affected: 15.1X49 , < 15.1X49-D130 (custom) Affected: 17.3 , < 17.3R3 (custom) Affected: 17.4 , < 17.4R2 (custom) |
Date Public
2019-10-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:37:07.401Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA10953"
},
{
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-sip-alg.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"SRX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "12.3X48-D61, 12.3X48-D65",
"status": "affected",
"version": "12.3X48",
"versionType": "custom"
},
{
"lessThan": "15.1X49-D130",
"status": "affected",
"version": "15.1X49",
"versionType": "custom"
},
{
"lessThan": "17.3R3",
"status": "affected",
"version": "17.3",
"versionType": "custom"
},
{
"lessThan": "17.4R2",
"status": "affected",
"version": "17.4",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "This issue only affects SRX Series devices where SIP ALG is enabled.\nThe following minimum configuration is required: \n set security alg sip"
}
],
"datePublic": "2019-10-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the SIP ALG packet processing service of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the device by sending specific types of valid SIP traffic to the device. In this case, the flowd process crashes and generates a core dump while processing SIP ALG traffic. Continued receipt of these valid SIP packets will result in a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: 12.3X48 versions prior to 12.3X48-D61, 12.3X48-D65 on SRX Series; 15.1X49 versions prior to 15.1X49-D130 on SRX Series; 17.3 versions prior to 17.3R3 on SRX Series; 17.4 versions prior to 17.4R2 on SRX Series."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-130",
"description": "CWE-130 Improper Handling of Length Parameter Inconsistency",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-09T19:26:17.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.juniper.net/JSA10953"
},
{
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-sip-alg.html"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 12.3X48-D61, 12.3X48-D65, 15.1X49-D130, 17.3R3, 17.4R2, 18.1R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA10953",
"defect": [
"1329170"
],
"discovery": "USER"
},
"title": "Junos OS: SRX Series: An attacker may cause flowd to crash by sending certain valid SIP traffic to a device with SIP ALG enabled.",
"workarounds": [
{
"lang": "en",
"value": "Disable SIP ALG if this is not needed, otherwise there are no viable workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.6"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-10-09T16:00:00.000Z",
"ID": "CVE-2019-0055",
"STATE": "PUBLIC",
"TITLE": "Junos OS: SRX Series: An attacker may cause flowd to crash by sending certain valid SIP traffic to a device with SIP ALG enabled."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "SRX Series",
"version_affected": "\u003c",
"version_name": "12.3X48",
"version_value": "12.3X48-D61, 12.3X48-D65"
},
{
"platform": "SRX Series",
"version_affected": "\u003c",
"version_name": "15.1X49",
"version_value": "15.1X49-D130"
},
{
"platform": "SRX Series",
"version_affected": "\u003c",
"version_name": "17.3",
"version_value": "17.3R3"
},
{
"platform": "SRX Series",
"version_affected": "\u003c",
"version_name": "17.4",
"version_value": "17.4R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "This issue only affects SRX Series devices where SIP ALG is enabled.\nThe following minimum configuration is required: \n set security alg sip"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the SIP ALG packet processing service of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the device by sending specific types of valid SIP traffic to the device. In this case, the flowd process crashes and generates a core dump while processing SIP ALG traffic. Continued receipt of these valid SIP packets will result in a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: 12.3X48 versions prior to 12.3X48-D61, 12.3X48-D65 on SRX Series; 15.1X49 versions prior to 15.1X49-D130 on SRX Series; 17.3 versions prior to 17.3R3 on SRX Series; 17.4 versions prior to 17.4R2 on SRX Series."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-130 Improper Handling of Length Parameter Inconsistency"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10953",
"refsource": "MISC",
"url": "https://kb.juniper.net/JSA10953"
},
{
"name": "https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-sip-alg.html",
"refsource": "MLIST",
"url": "https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-sip-alg.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 12.3X48-D61, 12.3X48-D65, 15.1X49-D130, 17.3R3, 17.4R2, 18.1R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA10953",
"defect": [
"1329170"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "Disable SIP ALG if this is not needed, otherwise there are no viable workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2019-0055",
"datePublished": "2019-10-09T19:26:17.374Z",
"dateReserved": "2018-10-11T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:08:51.402Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-0056 (GCVE-0-2019-0056)
Vulnerability from cvelistv5 – Published: 2019-10-09 19:26 – Updated: 2024-09-16 18:29
VLAI
EPSS
Title
Junos OS: MX Series: An MPC10 Denial of Service (DoS) due to OSPF states transitioning to Down, causes traffic to stop forwarding through the device.
Summary
This issue only affects devices with three (3) or more MPC10's installed in a single chassis with OSPF enabled and configured on the device. An Insufficient Resource Pool weakness allows an attacker to cause the device's Open Shortest Path First (OSPF) states to transition to Down, resulting in a Denial of Service (DoS) attack. This attack requires a relatively large number of specific Internet Mixed (IMIXed) types of genuine and valid IPv6 packets to be transferred by the attacker in a relatively short period of time, across three or more PFE's on the device at the same time. Continued receipt of the traffic sent by the attacker will continue to cause OSPF to remain in the Down starting state, or flap between other states and then again to Down, causing a persistent Denial of Service. This attack will affect all IPv4, and IPv6 traffic served by the OSPF routes once the OSPF states transition to Down. This issue affects: Juniper Networks Junos OS on MX480, MX960, MX2008, MX2010, MX2020: 18.1 versions prior to 18.1R2-S4, 18.1R3-S5; 18.1X75 version 18.1X75-D10 and later versions; 18.2 versions prior to 18.2R1-S5, 18.2R2-S3, 18.2R3; 18.2X75 versions prior to 18.2X75-D50; 18.3 versions prior to 18.3R1-S4, 18.3R2, 18.3R3; 18.4 versions prior to 18.4R1-S2, 18.4R2.
Severity
7.5 (High)
CWE
- CWE-410 - Insufficient Resource Pool
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://kb.juniper.net/JSA10954 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
18.1 , < 18.1R2-S4, 18.1R3-S5
(custom)
Affected: 18.2 , < 18.2R1-S5, 18.2R2-S3, 18.2R3 (custom) Affected: 18.2X75 , < 18.2X75-D50 (custom) Affected: 18.3 , < 18.3R1-S4, 18.3R2, 18.3R3 (custom) Affected: 18.4 , < 18.4R1-S2, 18.4R2 (custom) Affected: 18.1X75-D10 , < 18.1X75* (custom) |
Date Public
2019-10-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:37:07.427Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA10954"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"MX480, MX960, MX2008, MX2010, MX2020"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "18.1R2-S4, 18.1R3-S5",
"status": "affected",
"version": "18.1",
"versionType": "custom"
},
{
"lessThan": "18.2R1-S5, 18.2R2-S3, 18.2R3",
"status": "affected",
"version": "18.2",
"versionType": "custom"
},
{
"lessThan": "18.2X75-D50",
"status": "affected",
"version": "18.2X75",
"versionType": "custom"
},
{
"lessThan": "18.3R1-S4, 18.3R2, 18.3R3",
"status": "affected",
"version": "18.3",
"versionType": "custom"
},
{
"lessThan": "18.4R1-S2, 18.4R2",
"status": "affected",
"version": "18.4",
"versionType": "custom"
},
{
"lessThan": "18.1X75*",
"status": "affected",
"version": "18.1X75-D10",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "OSPF configuration examples can be found at https://www.juniper.net/documentation/en_US/junos/topics/topic-map/ospf-configuring-interfaces.html#jd0e229"
},
{
"lang": "en",
"value": "You can issue show chassis at the device to determine if there are multiple MCP10\u0027s in your system. For example:\n root@device\u003e show chassis fpc pic-status\n Slot 1 Online MPC10E 3D MRATE-15xQSFPP\n PIC 0 Online MRATE-5xQSFPP\n PIC 1 Online MRATE-5xQSFPP\n PIC 2 Online MRATE-5xQSFPP\n Slot 2 Online MPC10E 3D MRATE-15xQSFPP\n PIC 0 Online MRATE-5xQSFPP\n PIC 1 Online MRATE-5xQSFPP\n PIC 2 Online MRATE-5xQSFPP\n Slot 3 Online MPC10E 3D MRATE-15xQSFPP\n PIC 0 Online MRATE-5xQSFPP\n PIC 1 Online MRATE-5xQSFPP\n PIC 2 Online MRATE-5xQSFPP"
}
],
"datePublic": "2019-10-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "This issue only affects devices with three (3) or more MPC10\u0027s installed in a single chassis with OSPF enabled and configured on the device. An Insufficient Resource Pool weakness allows an attacker to cause the device\u0027s Open Shortest Path First (OSPF) states to transition to Down, resulting in a Denial of Service (DoS) attack. This attack requires a relatively large number of specific Internet Mixed (IMIXed) types of genuine and valid IPv6 packets to be transferred by the attacker in a relatively short period of time, across three or more PFE\u0027s on the device at the same time. Continued receipt of the traffic sent by the attacker will continue to cause OSPF to remain in the Down starting state, or flap between other states and then again to Down, causing a persistent Denial of Service. This attack will affect all IPv4, and IPv6 traffic served by the OSPF routes once the OSPF states transition to Down. This issue affects: Juniper Networks Junos OS on MX480, MX960, MX2008, MX2010, MX2020: 18.1 versions prior to 18.1R2-S4, 18.1R3-S5; 18.1X75 version 18.1X75-D10 and later versions; 18.2 versions prior to 18.2R1-S5, 18.2R2-S3, 18.2R3; 18.2X75 versions prior to 18.2X75-D50; 18.3 versions prior to 18.3R1-S4, 18.3R2, 18.3R3; 18.4 versions prior to 18.4R1-S2, 18.4R2."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-410",
"description": "CWE-410 Insufficient Resource Pool",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-09T19:26:17.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.juniper.net/JSA10954"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 18.1R2-S4, 18.1R3-S5, 18.2R1-S5, 18.2R2-S3, 18.2R3, 18.2X75-D50, 18.3R1-S4, 18.3R2, 18.3R3, 18.4R1-S2, 18.4R2, 19.1R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA10954",
"defect": [
"1418955"
],
"discovery": "INTERNAL"
},
"title": "Junos OS: MX Series: An MPC10 Denial of Service (DoS) due to OSPF states transitioning to Down, causes traffic to stop forwarding through the device.",
"workarounds": [
{
"lang": "en",
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.6"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-10-09T16:00:00.000Z",
"ID": "CVE-2019-0056",
"STATE": "PUBLIC",
"TITLE": "Junos OS: MX Series: An MPC10 Denial of Service (DoS) due to OSPF states transitioning to Down, causes traffic to stop forwarding through the device."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "MX480, MX960, MX2008, MX2010, MX2020",
"version_affected": "\u003c",
"version_name": "18.1",
"version_value": "18.1R2-S4, 18.1R3-S5"
},
{
"platform": "MX480, MX960, MX2008, MX2010, MX2020",
"version_affected": "\u003c",
"version_name": "18.2",
"version_value": "18.2R1-S5, 18.2R2-S3, 18.2R3"
},
{
"platform": "MX480, MX960, MX2008, MX2010, MX2020",
"version_affected": "\u003c",
"version_name": "18.2X75",
"version_value": "18.2X75-D50"
},
{
"platform": "MX480, MX960, MX2008, MX2010, MX2020",
"version_affected": "\u003c",
"version_name": "18.3",
"version_value": "18.3R1-S4, 18.3R2, 18.3R3"
},
{
"platform": "MX480, MX960, MX2008, MX2010, MX2020",
"version_affected": "\u003c",
"version_name": "18.4",
"version_value": "18.4R1-S2, 18.4R2"
},
{
"platform": "MX480, MX960, MX2008, MX2010, MX2020",
"version_affected": "\u003e=",
"version_name": "18.1X75",
"version_value": "18.1X75-D10"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "OSPF configuration examples can be found at https://www.juniper.net/documentation/en_US/junos/topics/topic-map/ospf-configuring-interfaces.html#jd0e229"
},
{
"lang": "en",
"value": "You can issue show chassis at the device to determine if there are multiple MCP10\u0027s in your system. For example:\n root@device\u003e show chassis fpc pic-status\n Slot 1 Online MPC10E 3D MRATE-15xQSFPP\n PIC 0 Online MRATE-5xQSFPP\n PIC 1 Online MRATE-5xQSFPP\n PIC 2 Online MRATE-5xQSFPP\n Slot 2 Online MPC10E 3D MRATE-15xQSFPP\n PIC 0 Online MRATE-5xQSFPP\n PIC 1 Online MRATE-5xQSFPP\n PIC 2 Online MRATE-5xQSFPP\n Slot 3 Online MPC10E 3D MRATE-15xQSFPP\n PIC 0 Online MRATE-5xQSFPP\n PIC 1 Online MRATE-5xQSFPP\n PIC 2 Online MRATE-5xQSFPP"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This issue only affects devices with three (3) or more MPC10\u0027s installed in a single chassis with OSPF enabled and configured on the device. An Insufficient Resource Pool weakness allows an attacker to cause the device\u0027s Open Shortest Path First (OSPF) states to transition to Down, resulting in a Denial of Service (DoS) attack. This attack requires a relatively large number of specific Internet Mixed (IMIXed) types of genuine and valid IPv6 packets to be transferred by the attacker in a relatively short period of time, across three or more PFE\u0027s on the device at the same time. Continued receipt of the traffic sent by the attacker will continue to cause OSPF to remain in the Down starting state, or flap between other states and then again to Down, causing a persistent Denial of Service. This attack will affect all IPv4, and IPv6 traffic served by the OSPF routes once the OSPF states transition to Down. This issue affects: Juniper Networks Junos OS on MX480, MX960, MX2008, MX2010, MX2020: 18.1 versions prior to 18.1R2-S4, 18.1R3-S5; 18.1X75 version 18.1X75-D10 and later versions; 18.2 versions prior to 18.2R1-S5, 18.2R2-S3, 18.2R3; 18.2X75 versions prior to 18.2X75-D50; 18.3 versions prior to 18.3R1-S4, 18.3R2, 18.3R3; 18.4 versions prior to 18.4R1-S2, 18.4R2."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-410 Insufficient Resource Pool"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10954",
"refsource": "MISC",
"url": "https://kb.juniper.net/JSA10954"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 18.1R2-S4, 18.1R3-S5, 18.2R1-S5, 18.2R2-S3, 18.2R3, 18.2X75-D50, 18.3R1-S4, 18.3R2, 18.3R3, 18.4R1-S2, 18.4R2, 19.1R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA10954",
"defect": [
"1418955"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "There are no known workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2019-0056",
"datePublished": "2019-10-09T19:26:17.416Z",
"dateReserved": "2018-10-11T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:29:55.944Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-0057 (GCVE-0-2019-0057)
Vulnerability from cvelistv5 – Published: 2019-10-09 19:26 – Updated: 2024-09-17 00:25
VLAI
EPSS
Title
NFX Series: An attacker may be able to take control of the JDM application and subsequently the entire system.
Summary
An improper authorization weakness in Juniper Networks Junos OS allows a local authenticated attacker to bypass regular security controls to access the Junos Device Manager (JDM) application and take control of the system. This issue affects: Juniper Networks Junos OS versions prior to 18.2R1, 18.2X75-D5.
Severity
7.8 (High)
CWE
- CWE 285 Improper Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://kb.juniper.net/JSA10955 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
unspecified , < 18.2R1, 18.2X75-D5
(custom)
|
Date Public
2019-10-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:37:07.518Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA10955"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"NFX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "18.2R1, 18.2X75-D5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-10-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An improper authorization weakness in Juniper Networks Junos OS allows a local authenticated attacker to bypass regular security controls to access the Junos Device Manager (JDM) application and take control of the system. This issue affects: Juniper Networks Junos OS versions prior to 18.2R1, 18.2X75-D5."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE 285 Improper Authorization",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-09T19:26:17.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.juniper.net/JSA10955"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 18.2R1, 18.2X75-D5, and all subsequent releases."
}
],
"source": {
"advisory": "JSA10955",
"defect": [
"1341370"
],
"discovery": "INTERNAL"
},
"title": "NFX Series: An attacker may be able to take control of the JDM application and subsequently the entire system.",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.6"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-10-09T16:00:00.000Z",
"ID": "CVE-2019-0057",
"STATE": "PUBLIC",
"TITLE": "NFX Series: An attacker may be able to take control of the JDM application and subsequently the entire system."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "NFX Series",
"version_affected": "\u003c",
"version_value": "18.2R1, 18.2X75-D5"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper authorization weakness in Juniper Networks Junos OS allows a local authenticated attacker to bypass regular security controls to access the Junos Device Manager (JDM) application and take control of the system. This issue affects: Juniper Networks Junos OS versions prior to 18.2R1, 18.2X75-D5."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE 285 Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10955",
"refsource": "MISC",
"url": "https://kb.juniper.net/JSA10955"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 18.2R1, 18.2X75-D5, and all subsequent releases."
}
],
"source": {
"advisory": "JSA10955",
"defect": [
"1341370"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2019-0057",
"datePublished": "2019-10-09T19:26:17.458Z",
"dateReserved": "2018-10-11T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:25:27.294Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…