ID JUNIPER_JSA10787.NASL Type nessus Reporter Tenable Modified 2018-08-10T00:00:00
Description
According to its self-reported version number and configuration, the remote Juniper Junos device is affected by a privilege escalation vulnerability when running in a virtualized environment due to improper handling of authentication. An attacker on the Junos guest can exploit this to escalate privileges and gain access to the host operating system.
#TRUSTED 1b8845f649b71a5993ff8c625349cb442302ed686e8c474063d7f9f44a55796a3888b9cbb1b9089518d1366ba8af35f5242330466cbb9b8062cb92033dc53d412d7fea91983494d63873c514740676facfd6ea49b6ed4a344c3f1c7d16e1ff587b0d97c06bb08e0fd3e020d68a8a6e0cd68a8ccdbf86d627e1e5a6fb64a8404620ac52060f3574466b9ff91f2ff8114a910aad17f437e778e2aacafc9abc984c3de1cc2719a8ebb2f2b4bdd2e99a9a7cd19b2536aaf529e2a666d0c50488efcbedc82d57de51908ad506fad32c0f8569fe95592534ab9c08cdff557e70e49df0f381a2052cf33c28c7f64d3ea51e0fe7a1b967c7b2be30656a34a528f0dbd0d6fcfaca62f65e8cd2d94ad3fca4a32e1a162c574d44202e8d421001ad48e69f6beec177fd0d762e718785ef1009374c8a41c64c45cbc36c517c7463f695ec87d2e1718e0fbaa407c187f18ac519c431390aea0fd4552e8f4f10983c4800b7eaf71c2e22aa79d9723a5b3ea387902c12d7de703777e576bf4fe0306653cf01e30233410df53d23dfb6313af402e482cc0552ec8ab14db4438fb6e6444b7f1dafc88ca995fb8b891d4d998725ef6d1fd3cca1e43bd99275390e7fef7a220c23ab120768d30f7b839a1dd72fa433689ec41449cd771e1a77014fd33557a356449c6453fb01836d5ef8558f555f3cd5087f49dd2591d8bef7138281a3da29d32379a8
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(102701);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2018/08/10");
script_cve_id("CVE-2017-2341");
script_xref(name:"JSA", value:"JSA10787");
script_name(english:"Juniper Junos Virtualized Environment Guest-To-Host Privilege Escalation (JSA10787)");
script_summary(english:"Checks the Junos version, model, and configuration.");
script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
script_set_attribute(attribute:"description", value:
"According to its self-reported version number and configuration, the
remote Juniper Junos device is affected by a privilege escalation
vulnerability when running in a virtualized environment due to
improper handling of authentication. An attacker on the Junos guest
can exploit this to escalate privileges and gain access to the host
operating system.");
script_set_attribute(attribute:"see_also", value:"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10787");
script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant Junos software release referenced in Juniper
security advisory JSA10787. Alternatively, as a workaround, enable
FIPS mode.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
script_set_attribute(attribute:"vuln_publication_date", value:"2017/07/12");
script_set_attribute(attribute:"patch_publication_date", value:"2017/07/12");
script_set_attribute(attribute:"plugin_publication_date", value:"2017/08/23");
script_set_attribute(attribute:"plugin_type", value:"combined");
script_set_attribute(attribute:"cpe", value:"cpe:/o:juniper:junos");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Junos Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.");
script_dependencies("junos_version.nasl");
script_require_keys("Host/Juniper/JUNOS/Version", "Host/Juniper/model");
exit(0);
}
include("audit.inc");
include("junos_kb_cmd_func.inc");
include("misc_func.inc");
ver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version');
model = get_kb_item_or_exit('Host/Juniper/model');
if (model !~ "^QFX(5110|5200|10002|10008|10016)" &&
model !~ "^EX4600[1-4]" &&
model !~ "^NFX250" &&
model !~ "^SRX(1500|4100|4200)" &&
model !~ "^ACX5\d\d\d" &&
model !~ "^vSRX"
)
audit(AUDIT_HOST_NOT, 'an affected model.');
fixes = make_array();
fixes['14.1X53'] = '14.1X53-D40';
fixes['15.1X49'] = '15.1X49-D70';
fixes['15.1'] = '15.1R5';
fixes['16.1'] = '16.1R2';
fix = check_junos(ver:ver, fixes:fixes, exit_on_fail:TRUE);
# If FIPS is enabled it isn't vulnerable.
override = TRUE;
buf = junos_command_kb_item(cmd:"show configuration | display set");
if (buf)
{
override = FALSE;
pattern = "^set system fips level [1-4]";
if (junos_check_config(buf:buf, pattern:pattern))
audit(AUDIT_HOST_NOT, 'vulnerable because it has FIPS mode enabled.');
}
junos_report(ver:ver, fix:fix, model:model, override:override, severity:SECURITY_HOLE);
{"id": "JUNIPER_JSA10787.NASL", "bulletinFamily": "scanner", "title": "Juniper Junos Virtualized Environment Guest-To-Host Privilege Escalation (JSA10787)", "description": "According to its self-reported version number and configuration, the remote Juniper Junos device is affected by a privilege escalation vulnerability when running in a virtualized environment due to improper handling of authentication. An attacker on the Junos guest can exploit this to escalate privileges and gain access to the host operating system.", "published": "2017-08-23T00:00:00", "modified": "2018-08-10T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=102701", "reporter": "Tenable", "references": ["https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10787"], "cvelist": ["CVE-2017-2341"], "type": "nessus", "lastseen": "2018-08-11T09:32:05", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2017-2341"], "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "According to its self-reported version number and configuration, the remote Juniper Junos device is affected by a privilege escalation vulnerability when running in a virtualized environment due to improper handling of authentication. An attacker on the Junos guest can exploit this to escalate privileges and gain access to the host operating system.", "edition": 1, "enchantments": {}, "hash": "0d977080517604244adef40a8b4a4fa7394d0508e4ea9d73bb915f64e140c50c", "hashmap": [{"hash": "f44fb98241ad612bdd34e6e796e60393", "key": "naslFamily"}, {"hash": "cfd16da9581e0c21db590e40dfd9e493", "key": "cvss"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "6925b2be96b7f78f1cb974c16ab54972", "key": "sourceData"}, {"hash": "b1cc9bfad433f7ef8d5b7d0662efd8a4", "key": "title"}, {"hash": "e21d3980ce5420836cf11cdcdfe7a2f4", "key": "references"}, {"hash": "8047ad65270b92ffe0f31d853958f881", "key": "modified"}, {"hash": "b22558fffa85d983964f1262cdc6a29d", "key": "description"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5bfb2c2c283abcb93ff4c572e9ed4c62", "key": "pluginID"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "8047ad65270b92ffe0f31d853958f881", "key": "published"}, {"hash": "e76a7cbc8797aaa379022b5c26037760", "key": "href"}, {"hash": "4ae8a0d4cd6fac4462d94463afb9e337", "key": "cvelist"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=102701", "id": "JUNIPER_JSA10787.NASL", "lastseen": "2017-08-24T05:16:56", "modified": "2017-08-23T00:00:00", "naslFamily": "Junos Local Security Checks", "objectVersion": "1.3", "pluginID": "102701", "published": "2017-08-23T00:00:00", "references": ["https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10787"], "reporter": "Tenable", "sourceData": "#TRUSTED 5480e3565f98fde0c0afd895a568294844045b331342d31232aaab688bda8aa44fe8dadb3b79d861492fbd428c4b3a3f2461971672519ccf9665d29535f5fcbdcf6c3c8d6ccfc8ce1e73c5b5e5a5084aac6d9ccbca40fc4f6802a5fcc9ddff9b810e11fd07755105df1cc4c123cff236744493feeb34687fde9a1d27652e75c5f5d9fb79f6680efd21c84a52f95146bd838cb6a690013d12a30c6c2cd1f115126b76e79615d54c4183309a0f839e5caa62d3a6db0bf741f92f26706c0350a27413e897a0068bcca6ef3a54b9b99dc98d9cba52754107faef9ecc24fb2ad12a4b337660b0a794556676826fb03e1006ebb974d8452ca472c1765882e6fe59c1fe8ce3057213dd79020eb18b0e9e2a808f660edff30a4e61d8a00e3441c8f133ba79fe6bb17fb314f32fa889cc131c63706a586ef50cb89acdc69d67b435fc37dbfbfc1a685a7ebe3f29ca2f3b87d0c7dc3f9695c0828b4a1df299a1de4efd28a97b58931b86473ff1846044c7966b25f0aac8223be485463403123d4e426a65b236569210f450f4338625dd1bcc118d3526acf70ca47388e68784101859e84cd8de4ecc1255858d8d8a2cdeb3d9e30b3ad15fcc0b4655cd976a8bb74064202154b12934584c749d708fbc429401a89613cd84d377b8f8e748232897944855efc1bb64858493cecffbc161b82c718d67e4afe04e246107b5f7a19ca556246fda25\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(102701);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2017/08/23\");\n\n script_cve_id(\"CVE-2017-2341\");\n script_osvdb_id(160899);\n script_xref(name:\"JSA\", value:\"JSA10787\");\n\n script_name(english:\"Juniper Junos Virtualized Environment Guest-To-Host Privilege Escalation (JSA10787)\");\n script_summary(english:\"Checks the Junos version, model, and configuration.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number and configuration, the\nremote Juniper Junos device is affected by a privilege escalation\nvulnerability when running in a virtualized environment due to\nimproper handling of authentication. An attacker on the Junos guest\ncan exploit this to escalate privileges and gain access to the host\noperating system.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10787\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to the relevant Junos software release referenced in Juniper\nsecurity advisory JSA10787. Alternatively, as a workaround, enable\nFIPS mode.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:juniper:junos\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Junos Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017 Tenable Network Security, Inc.\");\n\n script_dependencies(\"junos_version.nasl\");\n script_require_keys(\"Host/Juniper/JUNOS/Version\", \"Host/Juniper/model\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"junos_kb_cmd_func.inc\");\ninclude(\"misc_func.inc\");\n\nver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version');\nmodel = get_kb_item_or_exit('Host/Juniper/model');\n\nif (model !~ \"^QFX(5110|5200|10002|10008|10016)\" &&\n model !~ \"^EX4600[1-4]\" &&\n model !~ \"^NFX250\" &&\n model !~ \"^SRX(1500|4100|4200)\" &&\n model !~ \"^ACX5\\d\\d\\d\" &&\n model !~ \"^vSRX\"\n )\n audit(AUDIT_HOST_NOT, 'an affected model.');\n\nfixes = make_array();\n\nfixes['14.1X53'] = '14.1X53-D40';\nfixes['15.1X49'] = '15.1X49-D70';\nfixes['15.1'] = '15.1R5';\nfixes['16.1'] = '16.1R2';\n\nfix = check_junos(ver:ver, fixes:fixes, exit_on_fail:TRUE);\n\n# If FIPS is enabled it isn't vulnerable.\noverride = TRUE;\nbuf = junos_command_kb_item(cmd:\"show configuration | display set\");\nif (buf)\n{\n override = FALSE;\n pattern = \"^set system fips level [1-4]\";\n if (junos_check_config(buf:buf, pattern:pattern))\n audit(AUDIT_HOST_NOT, 'vulnerable because it has FIPS mode enabled.');\n}\n\njunos_report(ver:ver, fix:fix, model:model, override:override, severity:SECURITY_HOLE);\n", "title": "Juniper Junos Virtualized Environment Guest-To-Host Privilege Escalation (JSA10787)", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2017-08-24T05:16:56"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:juniper:junos"], "cvelist": ["CVE-2017-2341"], "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "According to its self-reported version number and configuration, the remote Juniper Junos device is affected by a privilege escalation vulnerability when running in a virtualized environment due to improper handling of authentication. An attacker on the Junos guest can exploit this to escalate privileges and gain access to the host operating system.", "edition": 2, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "5a44d57bb322db8941cf044b2eb1353b5a015df03f4c81dd996a7c85a6bfaca0", "hashmap": [{"hash": "f44fb98241ad612bdd34e6e796e60393", "key": "naslFamily"}, {"hash": "cfd16da9581e0c21db590e40dfd9e493", "key": "cvss"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "6925b2be96b7f78f1cb974c16ab54972", "key": "sourceData"}, {"hash": "b1cc9bfad433f7ef8d5b7d0662efd8a4", "key": "title"}, {"hash": "e21d3980ce5420836cf11cdcdfe7a2f4", "key": "references"}, {"hash": "8047ad65270b92ffe0f31d853958f881", "key": "modified"}, {"hash": "b22558fffa85d983964f1262cdc6a29d", "key": "description"}, {"hash": "a9dcf995223f353eda7bf326345d8e06", "key": "cpe"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5bfb2c2c283abcb93ff4c572e9ed4c62", "key": "pluginID"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "8047ad65270b92ffe0f31d853958f881", "key": "published"}, {"hash": "e76a7cbc8797aaa379022b5c26037760", "key": "href"}, {"hash": "4ae8a0d4cd6fac4462d94463afb9e337", "key": "cvelist"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=102701", "id": "JUNIPER_JSA10787.NASL", "lastseen": "2017-10-29T13:44:11", "modified": "2017-08-23T00:00:00", "naslFamily": "Junos Local Security Checks", "objectVersion": "1.3", "pluginID": "102701", "published": "2017-08-23T00:00:00", "references": ["https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10787"], "reporter": "Tenable", "sourceData": "#TRUSTED 5480e3565f98fde0c0afd895a568294844045b331342d31232aaab688bda8aa44fe8dadb3b79d861492fbd428c4b3a3f2461971672519ccf9665d29535f5fcbdcf6c3c8d6ccfc8ce1e73c5b5e5a5084aac6d9ccbca40fc4f6802a5fcc9ddff9b810e11fd07755105df1cc4c123cff236744493feeb34687fde9a1d27652e75c5f5d9fb79f6680efd21c84a52f95146bd838cb6a690013d12a30c6c2cd1f115126b76e79615d54c4183309a0f839e5caa62d3a6db0bf741f92f26706c0350a27413e897a0068bcca6ef3a54b9b99dc98d9cba52754107faef9ecc24fb2ad12a4b337660b0a794556676826fb03e1006ebb974d8452ca472c1765882e6fe59c1fe8ce3057213dd79020eb18b0e9e2a808f660edff30a4e61d8a00e3441c8f133ba79fe6bb17fb314f32fa889cc131c63706a586ef50cb89acdc69d67b435fc37dbfbfc1a685a7ebe3f29ca2f3b87d0c7dc3f9695c0828b4a1df299a1de4efd28a97b58931b86473ff1846044c7966b25f0aac8223be485463403123d4e426a65b236569210f450f4338625dd1bcc118d3526acf70ca47388e68784101859e84cd8de4ecc1255858d8d8a2cdeb3d9e30b3ad15fcc0b4655cd976a8bb74064202154b12934584c749d708fbc429401a89613cd84d377b8f8e748232897944855efc1bb64858493cecffbc161b82c718d67e4afe04e246107b5f7a19ca556246fda25\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(102701);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2017/08/23\");\n\n script_cve_id(\"CVE-2017-2341\");\n script_osvdb_id(160899);\n script_xref(name:\"JSA\", value:\"JSA10787\");\n\n script_name(english:\"Juniper Junos Virtualized Environment Guest-To-Host Privilege Escalation (JSA10787)\");\n script_summary(english:\"Checks the Junos version, model, and configuration.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number and configuration, the\nremote Juniper Junos device is affected by a privilege escalation\nvulnerability when running in a virtualized environment due to\nimproper handling of authentication. An attacker on the Junos guest\ncan exploit this to escalate privileges and gain access to the host\noperating system.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10787\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to the relevant Junos software release referenced in Juniper\nsecurity advisory JSA10787. Alternatively, as a workaround, enable\nFIPS mode.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:juniper:junos\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Junos Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017 Tenable Network Security, Inc.\");\n\n script_dependencies(\"junos_version.nasl\");\n script_require_keys(\"Host/Juniper/JUNOS/Version\", \"Host/Juniper/model\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"junos_kb_cmd_func.inc\");\ninclude(\"misc_func.inc\");\n\nver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version');\nmodel = get_kb_item_or_exit('Host/Juniper/model');\n\nif (model !~ \"^QFX(5110|5200|10002|10008|10016)\" &&\n model !~ \"^EX4600[1-4]\" &&\n model !~ \"^NFX250\" &&\n model !~ \"^SRX(1500|4100|4200)\" &&\n model !~ \"^ACX5\\d\\d\\d\" &&\n model !~ \"^vSRX\"\n )\n audit(AUDIT_HOST_NOT, 'an affected model.');\n\nfixes = make_array();\n\nfixes['14.1X53'] = '14.1X53-D40';\nfixes['15.1X49'] = '15.1X49-D70';\nfixes['15.1'] = '15.1R5';\nfixes['16.1'] = '16.1R2';\n\nfix = check_junos(ver:ver, fixes:fixes, exit_on_fail:TRUE);\n\n# If FIPS is enabled it isn't vulnerable.\noverride = TRUE;\nbuf = junos_command_kb_item(cmd:\"show configuration | display set\");\nif (buf)\n{\n override = FALSE;\n pattern = \"^set system fips level [1-4]\";\n if (junos_check_config(buf:buf, pattern:pattern))\n audit(AUDIT_HOST_NOT, 'vulnerable because it has FIPS mode enabled.');\n}\n\njunos_report(ver:ver, fix:fix, model:model, override:override, severity:SECURITY_HOLE);\n", "title": "Juniper Junos Virtualized Environment Guest-To-Host Privilege Escalation (JSA10787)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2017-10-29T13:44:11"}], "edition": 3, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "a9dcf995223f353eda7bf326345d8e06"}, {"key": "cvelist", "hash": "4ae8a0d4cd6fac4462d94463afb9e337"}, {"key": "cvss", "hash": "cfd16da9581e0c21db590e40dfd9e493"}, {"key": "description", "hash": "b22558fffa85d983964f1262cdc6a29d"}, {"key": "href", "hash": "e76a7cbc8797aaa379022b5c26037760"}, {"key": "modified", "hash": "9c6fe61712654f56360b12011e3de300"}, {"key": "naslFamily", "hash": "f44fb98241ad612bdd34e6e796e60393"}, {"key": "pluginID", "hash": "5bfb2c2c283abcb93ff4c572e9ed4c62"}, {"key": "published", "hash": "8047ad65270b92ffe0f31d853958f881"}, {"key": "references", "hash": "e21d3980ce5420836cf11cdcdfe7a2f4"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "724191cf19f98cf6ba101fe1188e8ac0"}, {"key": "title", "hash": "b1cc9bfad433f7ef8d5b7d0662efd8a4"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "93c4a072118cdda0882139a9da829a404f185772aa5ab1e526e1fbf3da2720b9", "viewCount": 0, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}, "vulnersScore": 7.2}, "objectVersion": "1.3", "sourceData": "#TRUSTED 1b8845f649b71a5993ff8c625349cb442302ed686e8c474063d7f9f44a55796a3888b9cbb1b9089518d1366ba8af35f5242330466cbb9b8062cb92033dc53d412d7fea91983494d63873c514740676facfd6ea49b6ed4a344c3f1c7d16e1ff587b0d97c06bb08e0fd3e020d68a8a6e0cd68a8ccdbf86d627e1e5a6fb64a8404620ac52060f3574466b9ff91f2ff8114a910aad17f437e778e2aacafc9abc984c3de1cc2719a8ebb2f2b4bdd2e99a9a7cd19b2536aaf529e2a666d0c50488efcbedc82d57de51908ad506fad32c0f8569fe95592534ab9c08cdff557e70e49df0f381a2052cf33c28c7f64d3ea51e0fe7a1b967c7b2be30656a34a528f0dbd0d6fcfaca62f65e8cd2d94ad3fca4a32e1a162c574d44202e8d421001ad48e69f6beec177fd0d762e718785ef1009374c8a41c64c45cbc36c517c7463f695ec87d2e1718e0fbaa407c187f18ac519c431390aea0fd4552e8f4f10983c4800b7eaf71c2e22aa79d9723a5b3ea387902c12d7de703777e576bf4fe0306653cf01e30233410df53d23dfb6313af402e482cc0552ec8ab14db4438fb6e6444b7f1dafc88ca995fb8b891d4d998725ef6d1fd3cca1e43bd99275390e7fef7a220c23ab120768d30f7b839a1dd72fa433689ec41449cd771e1a77014fd33557a356449c6453fb01836d5ef8558f555f3cd5087f49dd2591d8bef7138281a3da29d32379a8\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(102701);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2018/08/10\");\n\n script_cve_id(\"CVE-2017-2341\");\n script_xref(name:\"JSA\", value:\"JSA10787\");\n\n script_name(english:\"Juniper Junos Virtualized Environment Guest-To-Host Privilege Escalation (JSA10787)\");\n script_summary(english:\"Checks the Junos version, model, and configuration.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number and configuration, the\nremote Juniper Junos device is affected by a privilege escalation\nvulnerability when running in a virtualized environment due to\nimproper handling of authentication. An attacker on the Junos guest\ncan exploit this to escalate privileges and gain access to the host\noperating system.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10787\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to the relevant Junos software release referenced in Juniper\nsecurity advisory JSA10787. Alternatively, as a workaround, enable\nFIPS mode.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:juniper:junos\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Junos Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"junos_version.nasl\");\n script_require_keys(\"Host/Juniper/JUNOS/Version\", \"Host/Juniper/model\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"junos_kb_cmd_func.inc\");\ninclude(\"misc_func.inc\");\n\nver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version');\nmodel = get_kb_item_or_exit('Host/Juniper/model');\n\nif (model !~ \"^QFX(5110|5200|10002|10008|10016)\" &&\n model !~ \"^EX4600[1-4]\" &&\n model !~ \"^NFX250\" &&\n model !~ \"^SRX(1500|4100|4200)\" &&\n model !~ \"^ACX5\\d\\d\\d\" &&\n model !~ \"^vSRX\"\n )\n audit(AUDIT_HOST_NOT, 'an affected model.');\n\nfixes = make_array();\n\nfixes['14.1X53'] = '14.1X53-D40';\nfixes['15.1X49'] = '15.1X49-D70';\nfixes['15.1'] = '15.1R5';\nfixes['16.1'] = '16.1R2';\n\nfix = check_junos(ver:ver, fixes:fixes, exit_on_fail:TRUE);\n\n# If FIPS is enabled it isn't vulnerable.\noverride = TRUE;\nbuf = junos_command_kb_item(cmd:\"show configuration | display set\");\nif (buf)\n{\n override = FALSE;\n pattern = \"^set system fips level [1-4]\";\n if (junos_check_config(buf:buf, pattern:pattern))\n audit(AUDIT_HOST_NOT, 'vulnerable because it has FIPS mode enabled.');\n}\n\njunos_report(ver:ver, fix:fix, model:model, override:override, severity:SECURITY_HOLE);\n", "naslFamily": "Junos Local Security Checks", "pluginID": "102701", "cpe": ["cpe:/o:juniper:junos"]}
{"result": {"cve": [{"lastseen": "2017-07-27T10:54:28", "references": ["https://kb.juniper.net/JSA10787", "http://www.securitytracker.com/id/1038893"], "description": "An insufficient authentication vulnerability on platforms where Junos OS instances are run in a virtualized environment, may allow unprivileged users on the Junos OS instance to gain access to the host operating environment, and thus escalate privileges. Affected releases are Juniper Networks Junos OS 14.1X53 prior to 14.1X53-D40 on QFX5110, QFX5200, QFX10002, QFX10008, QFX10016, EX4600 and NFX250; 15.1 prior to 15.1R5 on EX4600; 15.1X49 prior to 15.1X49-D70 on vSRX, SRX1500, SRX4100, SRX4200; 16.1 prior to 16.1R2 on EX4600, ACX5000 series. This issue does not affect vMX. No other Juniper Networks products or platforms are affected by this issue.", "edition": 2, "reporter": "NVD", "published": "2017-07-17T09:18:24", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "title": "CVE-2017-2341", "type": "cve", "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2017-2341"], "scanner": [], "cpe": ["cpe:/o:juniper:junos:15.1:f2-s3", "cpe:/o:juniper:junos:15.1x49:d65", "cpe:/o:juniper:junos:15.1x49:d40", "cpe:/o:juniper:junos:15.1", "cpe:/o:juniper:junos:15.1:f5", "cpe:/o:juniper:junos:15.1:f2-s1", "cpe:/o:juniper:junos:14.1x53-d15", "cpe:/o:juniper:junos:14.1x53-d26", "cpe:/o:juniper:junos:15.1:f3", "cpe:/o:juniper:junos:14.1x53-d10", "cpe:/o:juniper:junos:15.1:a1", "cpe:/o:juniper:junos:15.1:f6", "cpe:/o:juniper:junos:15.1x49:d60", "cpe:/o:juniper:junos:15.1:f7", "cpe:/o:juniper:junos:14.1x53", "cpe:/o:juniper:junos:15.1x49:d20", "cpe:/o:juniper:junos:15.1:r4", "cpe:/o:juniper:junos:14.1x53-d27", "cpe:/o:juniper:junos:15.1x49:d50", "cpe:/o:juniper:junos:15.1x49:d30", "cpe:/o:juniper:junos:14.1x53-d30", "cpe:/o:juniper:junos:15.1:r3", "cpe:/o:juniper:junos:15.1:f2-s2", "cpe:/o:juniper:junos:16.1:r1", "cpe:/o:juniper:junos:16.1", "cpe:/o:juniper:junos:14.1x53-d25", "cpe:/o:juniper:junos:15.1:f2-s4", "cpe:/o:juniper:junos:15.1:r1", "cpe:/o:juniper:junos:15.1:r2", "cpe:/o:juniper:junos:15.1x49:d45", "cpe:/o:juniper:junos:15.1x49:d10", "cpe:/o:juniper:junos:15.1x49", "cpe:/o:juniper:junos:15.1x49:d35", "cpe:/o:juniper:junos:15.1:f4", "cpe:/o:juniper:junos:15.1x49:d55", "cpe:/o:juniper:junos:14.1x53-d35", "cpe:/o:juniper:junos:15.1:f2", "cpe:/o:juniper:junos:15.1:f1"], "modified": "2017-07-26T13:39:14", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2341", "id": "CVE-2017-2341", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2017-08-15T11:27:28", "references": ["http://kb.juniper.net/JSA10787"], "pluginID": "1361412562310106946", "description": "Junos OS is prone to a privilege escalation vulnerability.", "edition": 2, "reporter": "This script is Copyright (C) 2017 Greenbone Networks GmbH", "published": "2017-07-13T00:00:00", "title": "Junos Privilege Escalation Vulnerability", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 10.0}}, "naslFamily": "JunOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-2341"], "modified": "2017-07-31T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310106946", "id": "OPENVAS:1361412562310106946", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_junos_jsa10787.nasl 6812 2017-07-31 06:15:43Z cfischer $\n#\n# Junos Privilege Escalation Vulnerability\n#\n# Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = 'cpe:/o:juniper:junos';\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.106946\");\n script_version (\"$Revision: 6812 $\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-31 08:15:43 +0200 (Mon, 31 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2017-07-13 13:32:10 +0700 (Thu, 13 Jul 2017)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_cve_id(\"CVE-2017-2341\");\n\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n\n script_name(\"Junos Privilege Escalation Vulnerability\");\n\n script_category(ACT_GATHER_INFO);\n\n script_family(\"JunOS Local Security Checks\");\n script_copyright(\"This script is Copyright (C) 2017 Greenbone Networks GmbH\");\n script_dependencies(\"gb_ssh_junos_get_version.nasl\",\"gb_junos_snmp_version.nasl\");\n script_mandatory_keys(\"Junos/Version\", \"Junos/model\");\n\n script_tag(name: \"summary\", value: \"Junos OS is prone to a privilege escalation vulnerability.\");\n\n script_tag(name: \"vuldetect\" , value: \"Check the OS build.\");\n\n script_tag(name: \"insight\", value: \"An insufficient authentication vulnerability on platforms where Junos OS\ninstances are run in a virtualized environment, may allow unprivileged users on the Junos OS instance to gain\naccess to the host operating environment, and thus escalate privileges.\");\n\n script_tag(name: \"affected\", value: \"This issue affects Junos OS 14.1X53, 15.1, 15.1X49, 16.1. Affected\nplatforms: QFX5110, QFX5200, QFX10002, QFX10008, QFX10016, EX4600 and NFX250, EX4600, vSRX, SRX1500, SRX4100,\nSRX4200, ACX5000 series.\");\n\n script_tag(name: \"solution\" , value: \"New builds of Junos OS software are available from Juniper.\");\n\n script_xref(name:\"URL\", value:\"http://kb.juniper.net/JSA10787\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"revisions-lib.inc\");\ninclude(\"version_func.inc\");\n\nmodel = get_kb_item(\"Junos/model\");\nif (!model || ((toupper(model) !~ '^(V)?SRX') && (toupper(model) !~ '^QFX(5110|5200|10002|10008|10016)') &&\n (toupper(model) !~ '^(ACX5000|EX4600|NFX250)')))\n exit(0);\n\nif (!version = get_app_version(cpe: CPE, nofork: TRUE))\n exit(0);\n\nif ((revcomp(a: version, b: \"14.1X53-D40\") < 0) &&\n (revcomp(a: version, b: \"14.1X53\") >= 0)) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"14.1X53-D40\");\n security_message(port: 0, data: report);\n exit(0);\n}\n\nif ((revcomp(a: version, b: \"15.1R5\") < 0) &&\n (revcomp(a: version, b: \"15.1R\") >= 0)) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"15.1R5\");\n security_message(port: 0, data: report);\n exit(0);\n}\n\nif ((revcomp(a: version, b: \"15.1X49-D70\") < 0) &&\n (revcomp(a: version, b: \"15.1X49\") >= 0)) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"15.1X49-D70\");\n security_message(port: 0, data: report);\n exit(0);\n}\n\nif ((revcomp(a: version, b: \"16.1R2\") < 0) &&\n (revcomp(a: version, b: \"16.1R\") >= 0)) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"16.1R2\");\n security_message(port: 0, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}}
