github - ghsa-w85x-f52c-wvf8

ghsa-w85x-f52c-wvf8

Vulnerability from github

Published

2022-05-13 01:36

Modified

2022-05-13 01:36

Severity ?

5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

On Juniper Networks SRX series devices, firewall rules configured to match custom application UUIDs starting with zeros can match all TCP traffic. Due to this issue, traffic that should have been blocked by other rules is permitted to flow through the device resulting in a firewall bypass condition. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D71 on SRX series; 12.3X48 versions prior to 12.3X48-D55 on SRX series; 15.1X49 versions prior to 15.1X49-D100 on SRX series.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-0009"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-01-10T22:29:00Z",
    "severity": "MODERATE"
  },
  "details": "On Juniper Networks SRX series devices, firewall rules configured to match custom application UUIDs starting with zeros can match all TCP traffic. Due to this issue, traffic that should have been blocked by other rules is permitted to flow through the device resulting in a firewall bypass condition. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D71 on SRX series; 12.3X48 versions prior to 12.3X48-D55 on SRX series; 15.1X49 versions prior to 15.1X49-D100 on SRX series.",
  "id": "GHSA-w85x-f52c-wvf8",
  "modified": "2022-05-13T01:36:02Z",
  "published": "2022-05-13T01:36:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0009"
    },
    {
      "type": "WEB",
      "url": "https://kb.juniper.net/JSA10836"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/102491"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1040187"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

cve-2018-0009

Vulnerability from cvelistv5

Published

2018-01-10 22:00

Modified

2024-09-16 16:48

Severity ?

5.4 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

Summary

SRX Series: Firewall bypass vulnerability when UUID with leading zeros is configured.

References

▼	URL	Tags
	https://kb.juniper.net/JSA10836	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1040187	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/bid/102491	vdb-entry, x_refsource_BID

Impacted products

▼	Vendor	Product
	Juniper Networks	Junos OS

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:14:16.006Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA10836"
          },
          {
            "name": "1040187",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040187"
          },
          {
            "name": "102491",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102491"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "SRX series"
          ],
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "12.1X46-D71",
              "status": "affected",
              "version": "12.1X46",
              "versionType": "custom"
            },
            {
              "lessThan": "12.3X48-D55",
              "status": "affected",
              "version": "12.3X48",
              "versionType": "custom"
            },
            {
              "lessThan": "15.1X49-D100",
              "status": "affected",
              "version": "15.1X49",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "value": "This issue is only applicable to SRX series devices with a custom application configuration containing UUIDs that start with one or more zeros.\nFor example:\n  set applications application \u003capplication-name\u003e uuid 01234567-1234-1234-1234-123456789abc\nor \n  set applications application \u003capplication-name\u003e term \u003cterm-name\u003e uuid 01234567-1234-1234-1234-123456789abc"
        }
      ],
      "datePublic": "2018-01-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "On Juniper Networks SRX series devices, firewall rules configured to match custom application UUIDs starting with zeros can match all TCP traffic. Due to this issue, traffic that should have been blocked by other rules is permitted to flow through the device resulting in a firewall bypass condition. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D71 on SRX series; 12.3X48 versions prior to 12.3X48-D55 on SRX series; 15.1X49 versions prior to 15.1X49-D100 on SRX series."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Firewall bypass vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-19T10:57:01",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/JSA10836"
        },
        {
          "name": "1040187",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040187"
        },
        {
          "name": "102491",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102491"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "The following software releases have been updated to resolve this specific issue: 12.1X46-D71, 12.3X48-D55, 15.1X49-D100, 17.3R1, and all subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA10836",
        "defect": [
          "1261522"
        ],
        "discovery": "USER"
      },
      "title": "SRX Series: Firewall bypass vulnerability when UUID with leading zeros is configured.",
      "workarounds": [
        {
          "lang": "en",
          "value": "Do not use UUIDs starting with zeros in the configuration."
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "DATE_PUBLIC": "2018-01-10T17:00:00.000Z",
          "ID": "CVE-2018-0009",
          "STATE": "PUBLIC",
          "TITLE": "SRX Series: Firewall bypass vulnerability when UUID with leading zeros is configured."
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Junos OS",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "platform": "SRX series",
                            "version_affected": "\u003c",
                            "version_name": "12.1X46",
                            "version_value": "12.1X46-D71"
                          },
                          {
                            "affected": "\u003c",
                            "platform": "SRX series",
                            "version_affected": "\u003c",
                            "version_name": "12.3X48",
                            "version_value": "12.3X48-D55"
                          },
                          {
                            "affected": "\u003c",
                            "platform": "SRX series",
                            "version_affected": "\u003c",
                            "version_name": "15.1X49",
                            "version_value": "15.1X49-D100"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Juniper Networks"
              }
            ]
          }
        },
        "configuration": [
          {
            "lang": "en",
            "value": "This issue is only applicable to SRX series devices with a custom application configuration containing UUIDs that start with one or more zeros.\nFor example:\n  set applications application \u003capplication-name\u003e uuid 01234567-1234-1234-1234-123456789abc\nor \n  set applications application \u003capplication-name\u003e term \u003cterm-name\u003e uuid 01234567-1234-1234-1234-123456789abc"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "On Juniper Networks SRX series devices, firewall rules configured to match custom application UUIDs starting with zeros can match all TCP traffic. Due to this issue, traffic that should have been blocked by other rules is permitted to flow through the device resulting in a firewall bypass condition. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D71 on SRX series; 12.3X48 versions prior to 12.3X48-D55 on SRX series; 15.1X49 versions prior to 15.1X49-D100 on SRX series."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
          }
        ],
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Firewall bypass vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/JSA10836",
              "refsource": "CONFIRM",
              "url": "https://kb.juniper.net/JSA10836"
            },
            {
              "name": "1040187",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040187"
            },
            {
              "name": "102491",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102491"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "The following software releases have been updated to resolve this specific issue: 12.1X46-D71, 12.3X48-D55, 15.1X49-D100, 17.3R1, and all subsequent releases."
          }
        ],
        "source": {
          "advisory": "JSA10836",
          "defect": [
            "1261522"
          ],
          "discovery": "USER"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "Do not use UUIDs starting with zeros in the configuration."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2018-0009",
    "datePublished": "2018-01-10T22:00:00Z",
    "dateReserved": "2017-11-16T00:00:00",
    "dateUpdated": "2024-09-16T16:48:50.831Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted