Lucene search
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.JUNIPER_JSA10893.NASLHistoryJul 20, 2023 - 12:00 a.m.
Juniper Junos OS Vulnerability (JSA10893)
2023-07-2000:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
9
juniper junos os
vulnerability
jsa10893
ipv6 exception
kernel crash
mx series
broadband edge
tomcat
subscriber management
cve-2018-0058
nessus
scanner
7.8 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
49.8%
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA10893 advisory.
- Receipt of a specially crafted IPv6 exception packet may be able to trigger a kernel crash (vmcore), causing the device to reboot. The issue is specific to the processing of Broadband Edge (BBE) client route processing on MX Series subscriber management platforms, introduced by the Tomcat (Next Generation Subscriber Management) functionality in Junos OS 15.1. This issue affects no other platforms or configurations. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S2, 15.1R8 on MX Series; 16.1 versions prior to 16.1R4-S11, 16.1R7-S2, 16.1R8 on MX Series; 16.2 versions prior to 16.2R3 on MX Series; 17.1 versions prior to 17.1R2-S9, 17.1R3 on MX Series; 17.2 versions prior to 17.2R2-S6, 17.2R3 on MX Series; 17.3 versions prior to 17.3R2-S4, 17.3R3-S2, 17.3R4 on MX Series; 17.4 versions prior to 17.4R2 on MX Series; 18.1 versions prior to 18.1R2-S3, 18.1R3 on MX Series; 18.2 versions prior to 18.2R1-S1, 18.2R2 on MX Series. (CVE-2018-0058)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(178671);
script_version("1.0");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/07/20");
script_cve_id("CVE-2018-0058");
script_xref(name:"JSA", value:"JSA10893");
script_name(english:"Juniper Junos OS Vulnerability (JSA10893)");
script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
script_set_attribute(attribute:"description", value:
"The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA10893
advisory.
- Receipt of a specially crafted IPv6 exception packet may be able to trigger a kernel crash (vmcore),
causing the device to reboot. The issue is specific to the processing of Broadband Edge (BBE) client route
processing on MX Series subscriber management platforms, introduced by the Tomcat (Next Generation
Subscriber Management) functionality in Junos OS 15.1. This issue affects no other platforms or
configurations. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S2, 15.1R8
on MX Series; 16.1 versions prior to 16.1R4-S11, 16.1R7-S2, 16.1R8 on MX Series; 16.2 versions prior to
16.2R3 on MX Series; 17.1 versions prior to 17.1R2-S9, 17.1R3 on MX Series; 17.2 versions prior to
17.2R2-S6, 17.2R3 on MX Series; 17.3 versions prior to 17.3R2-S4, 17.3R3-S2, 17.3R4 on MX Series; 17.4
versions prior to 17.4R2 on MX Series; 18.1 versions prior to 18.1R2-S3, 18.1R3 on MX Series; 18.2
versions prior to 18.2R1-S1, 18.2R2 on MX Series. (CVE-2018-0058)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
# https://supportportal.juniper.net/s/article/2018-10-Security-Bulletin-MX-Series-In-BBE-configurations-receipt-of-a-crafted-IPv6-exception-packet-causes-a-Denial-of-Service-CVE-2018-0058
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e962e4cd");
script_set_attribute(attribute:"solution", value:
"Apply the relevant Junos software release referenced in Juniper advisory JSA10893");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-0058");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2018/10/10");
script_set_attribute(attribute:"patch_publication_date", value:"2018/10/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/07/20");
script_set_attribute(attribute:"plugin_type", value:"combined");
script_set_attribute(attribute:"cpe", value:"cpe:/o:juniper:junos");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Junos Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("junos_version.nasl");
script_require_keys("Host/Juniper/JUNOS/Version", "Host/Juniper/model");
exit(0);
}
include('junos.inc');
var model = get_kb_item_or_exit('Host/Juniper/model');
if (model !~ "^MX")
{
audit(AUDIT_DEVICE_NOT_VULN, model);
}
var ver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version');
var vuln_ranges = [
{'min_ver':'15.1', 'fixed_ver':'15.1R7-S2', 'model':'^MX', 'fixed_display':'15.1R7-S2, 15.1R8'},
{'min_ver':'16.1', 'fixed_ver':'16.1R4-S11', 'model':'^MX', 'fixed_display':'16.1R4-S11, 16.1R8'},
{'min_ver':'16.1R7', 'fixed_ver':'16.1R7-S2', 'model':'^MX'},
{'min_ver':'16.2', 'fixed_ver':'16.2R3', 'model':'^MX'},
{'min_ver':'17.1', 'fixed_ver':'17.1R2-S9', 'model':'^MX', 'fixed_display':'17.1R2-S9, 17.1R3'},
{'min_ver':'17.2', 'fixed_ver':'17.2R2-S6', 'model':'^MX', 'fixed_display':'17.2R2-S6, 17.2R3'},
{'min_ver':'17.3', 'fixed_ver':'17.3R2-S4', 'model':'^MX', 'fixed_display':'17.3R2-S4, 17.3R4'},
{'min_ver':'17.3R3', 'fixed_ver':'17.3R3-S2', 'model':'^MX'},
{'min_ver':'17.4', 'fixed_ver':'17.4R2', 'model':'^MX'},
{'min_ver':'18.1', 'fixed_ver':'18.1R2-S3', 'model':'^MX', 'fixed_display':'18.1R2-S3, 18.1R3'},
{'min_ver':'18.2', 'fixed_ver':'18.2R1-S1', 'model':'^MX', 'fixed_display':'18.2R1-S1, 18.2R2'}
];
var fix = junos_compare_range(target_version:ver, vuln_ranges:vuln_ranges);
if (empty_or_null(fix)) audit(AUDIT_INST_VER_NOT_VULN, 'Junos OS', ver);
var report = get_report(ver:ver, fix:fix);
security_report_v4(severity:SECURITY_HOLE, port:0, extra:report);
Related
cvelist
cvelist
cve
cve
CVE-2018-0058
2018-10-10 18:29:03
nvd
nvd
CVE-2018-0058
2018-10-10 18:29:03
prion
prion
Code injection
2018-10-10 18:29:00
7.8 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
49.8%
Related for JUNIPER_JSA10893.NASL