CVE-2018-0025

🗓️ 11 Jul 2018 18:00:00Reported by juniperType

When SRX Series device is configured for HTTP/HTTPS pass-through authentication, initial credentials may be captured in follow-on requests by malicious actors. (CVE-2018-0025

Reporter	Title	Published	Views	Family All 7
ATTACKERKB	Junos OS: SRX Series: Credentials exposed when using HTTP and HTTPS Firewall Pass-through User Authentication	11 Jul 201818:29	–	attackerkb
Cvelist	CVE-2018-0025 Junos OS: SRX Series: Credentials exposed when using HTTP and HTTPS Firewall Pass-through User Authentication	11 Jul 201818:00	–	cvelist
EUVD	EUVD-2018-0849	7 Oct 202500:30	–	euvd
Tenable Nessus	Juniper Junos HTTP/HTTPS Firewall User Authentication Remote Information Disclosure (JSA10858)	20 Jul 201800:00	–	nessus
NVD	CVE-2018-0025	11 Jul 201818:29	–	nvd
OSV	CVE-2018-0025	11 Jul 201818:29	–	osv
Prion	Design/Logic Flaw	11 Jul 201818:29	–	prion

NVD

Vulners

Node

juniper junosMatch12.1x46

juniper junosMatch12.1x46d10

juniper junosMatch12.1x46d15

juniper junosMatch12.1x46d20

juniper junosMatch12.1x46d25

juniper junosMatch12.1x46d30

juniper junosMatch12.1x46d35

juniper junosMatch12.1x46d40

juniper junosMatch12.1x46d45

juniper junosMatch12.1x46d50

juniper junosMatch12.1x46d55

juniper junosMatch12.1x46d60

juniper junosMatch12.1x46d65

juniper junosMatch12.1x46d66

AND

juniper srx100Match-

juniper srx110Match-

juniper srx1400Match-

juniper srx1500Match-

juniper srx210Match-

juniper srx220Match-

juniper srx240Match-

juniper srx300Match-

juniper srx320Match-

juniper srx340Match-

juniper srx3400Match-

juniper srx345Match-

juniper srx3600Match-

juniper srx4100Match-

juniper srx4200Match-

juniper srx5400Match-

juniper srx550Match-

juniper srx5600Match-

juniper srx5800Match-

juniper srx650Match-

Node

juniper junosMatch12.3x48

juniper junosMatch12.3x48d10

juniper junosMatch12.3x48d15

juniper junosMatch12.3x48d20

AND

juniper srx100Match-

juniper srx110Match-

juniper srx1400Match-

juniper srx1500Match-

juniper srx210Match-

juniper srx220Match-

juniper srx240Match-

juniper srx300Match-

juniper srx320Match-

juniper srx340Match-

juniper srx3400Match-

juniper srx345Match-

juniper srx3600Match-

juniper srx4100Match-

juniper srx4200Match-

juniper srx5400Match-

juniper srx550Match-

juniper srx5600Match-

juniper srx5800Match-

juniper srx650Match-

Node

juniper junosMatch15.1x49

juniper junosMatch15.1x49d10

juniper junosMatch15.1x49d20

juniper junosMatch15.1x49d30

AND

juniper srx100Match-

juniper srx110Match-

juniper srx1400Match-

juniper srx1500Match-

juniper srx210Match-

juniper srx220Match-

juniper srx240Match-

juniper srx300Match-

juniper srx320Match-

juniper srx340Match-

juniper srx3400Match-

juniper srx345Match-

juniper srx3600Match-

juniper srx4100Match-

juniper srx4200Match-

juniper srx5400Match-

juniper srx550Match-

juniper srx5600Match-

juniper srx5800Match-

juniper srx650Match-

[
  {
    "platforms": [
      "SRX Series"
    ],
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "12.1X46-D67",
        "status": "affected",
        "version": "12.1X46",
        "versionType": "custom"
      },
      {
        "lessThan": "12.3X48-D25",
        "status": "affected",
        "version": "12.3X48",
        "versionType": "custom"
      },
      {
        "lessThan": "15.1X49-D35",
        "status": "affected",
        "version": "15.1X49",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
kb	www.kb.juniper.net/JSA10858
juniper	www.juniper.net/documentation/en_US/junos/topics/example/security-https-traffic-to-trigger-pass-through-authentication-configuring.html
securityfocus	www.securityfocus.com/bid/104719
juniper	www.juniper.net/documentation/en_US/junos/topics/example/firewall-user-authentication-pass-through-configuring-cli.html
securitytracker	www.securitytracker.com/id/1041316
juniper	www.juniper.net/documentation/en_US/junos/topics/concept/firewall-user-authentication-pass-through-understanding.html

21 Nov 2024 03:37Current

7.1High risk

Vulners AI Score7.1

CVSS 24.3

CVSS 36.1 - 8.1

EPSS0.0021