Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.JUNIPER_JSA11171.NASL
HistoryApr 15, 2021 - 12:00 a.m.

Juniper Junos OS Multiple Vulnerabilities (JSA11171)

2021-04-1500:00:00
This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
454
JSON

The version of Junos OS installed on the remote host is affected by multiple vulnerabilities as referenced in the JSA11171 advisory.

  • The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet. (CVE-2016-9310)

  • The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013. (CVE-2013-5211)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

##
# (C) Tenable Network Security, Inc.
##

include('compat.inc');

if (description)
{
  script_id(148645);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/04/19");

  script_cve_id("CVE-2013-5211", "CVE-2016-9310");
  script_xref(name:"JSA", value:"JSA11171");

  script_name(english:"Juniper Junos OS Multiple Vulnerabilities (JSA11171)");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
  script_set_attribute(attribute:"description", value:
"The version of Junos OS installed on the remote host is affected by multiple vulnerabilities as referenced in the
JSA11171 advisory.

  - The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or
    unset traps via a crafted control mode packet. (CVE-2016-9310)

  - The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a
    denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1
    requests, as exploited in the wild in December 2013. (CVE-2013-5211)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://kb.juniper.net/JSA11171");
  script_set_attribute(attribute:"solution", value:
"Apply the relevant Junos software release referenced in Juniper advisory JSA11171");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-9310");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/12/30");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/04/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/04/15");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:juniper:junos");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Junos Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("junos_version.nasl");
  script_require_keys("Host/Juniper/JUNOS/Version", "Host/Juniper/model");

  exit(0);
}

include('junos.inc');

model = get_kb_item_or_exit('Host/Juniper/model');
if (model !~ "^(EX|SRX)")
{
  audit(AUDIT_DEVICE_NOT_VULN, model);
}

ver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version');

vuln_ranges = [
  {'min_ver':'14.1X53', 'fixed_ver':'14.1X53-D53'},
  {'min_ver':'16.1', 'fixed_ver':'16.1R7-S6'},
  {'min_ver':'16.2', 'fixed_ver':'16.2R3'},
  {'min_ver':'17.1', 'fixed_ver':'17.1R2-S11'},
  {'min_ver':'17.2', 'fixed_ver':'17.2R1-S9'},
  {'min_ver':'17.3', 'fixed_ver':'17.3R2-S5'},
  {'min_ver':'17.4', 'fixed_ver':'17.4R2-S7'},
  {'min_ver':'18.1', 'fixed_ver':'18.1R3-S8'},
  {'min_ver':'18.2', 'fixed_ver':'18.2R2-S7'},
  {'min_ver':'18.3', 'fixed_ver':'18.3R1-S5'},
  {'min_ver':'18.4', 'fixed_ver':'18.4R1-S4'},
  {'min_ver':'19.1', 'fixed_ver':'19.1R1-S3'},
  {'min_ver':'19.2', 'fixed_ver':'19.2R1-S1'}
];
if (model =~ '^EX')
{
  append_element(var:vuln_ranges, value:{'min_ver':'12.3', 'fixed_ver':'12.3R12-S15'});
  append_element(var:vuln_ranges, value:{'min_ver':'15.1', 'fixed_ver':'15.1R7-S6'});
}
if (model =~ '^SRX')
{
  append_element(var:vuln_ranges, value:{'min_ver':'12.3X48', 'fixed_ver':'12.3X48-D95'});
  append_element(var:vuln_ranges, value:{'min_ver':'15.1X49', 'fixed_ver':'15.1X49-D190'});
}

fix = junos_compare_range(target_version:ver, vuln_ranges:vuln_ranges);
if (empty_or_null(fix)) audit(AUDIT_INST_VER_NOT_VULN, 'Junos OS', ver);
report = get_report(ver:ver, fix:fix);
security_report_v4(severity:SECURITY_WARNING, port:0, extra:report);
VendorProductVersionCPE
juniperjunoscpe:/o:juniper:junos

Related

veracode 1
ibm 24
cve 2
redhatcve 1
nessus 69
threatpost 4
securityvulns 3
checkpoint_advisories 1
suse 1
zdt 1
cert 2
freebsd 3
prion 2
ubuntucve 2
debiancve 2
f5 3
aix 2
openvas 35
amazon 4
mageia 2
exploitpack 1
packetstorm 1
slackware 2
oraclelinux 6
checkpoint_security 1
fortinet 1
thn 1
metasploit 1
gentoo 1
ics 1
freebsd_advisory 2
exploitdb 1
vmware 2
seebug 1
talos 1
fedora 3
centos 1
redhat 1
huawei 1
ubuntu 2
archlinux 1
symantec 1
cisco 1
cloudfoundry 1
veracode
veracode
Denial Of Service (DoS)
2019-05-02 06:30:44
ibm
ibm
Security Bulletin: Network Time Protocol (NTP) vulnerability in AIX which is used by IBM OS Images in IBM PureApplication Systems (CVE-2016-9310)
2018-06-15 07:08:16
Security Bulletin: NTP vulnerability in Network Intrusion Prevention System (CVE-2013-5211)
2022-02-23 19:48:26
Security Bulletin: IBM Flex System Manager (FSM) is affected by vulnerability (CVE-2013-5211)
2019-01-31 01:25:01
cve
cve
CVE-2016-9310
2017-01-13 16:59:00
CVE-2013-5211
2014-01-02 14:59:00
redhatcve
redhatcve
CVE-2016-9310
2016-11-22 10:47:49
nessus
nessus
AIX 6.1 TL 7 : ntp (IV58413)
2014-06-17 00:00:00
AIX 6.1 TL 8 : ntp (IV58068)
2014-06-17 00:00:00
Oracle Linux 7 : ntp (ELSA-2016-3612)
2016-09-13 00:00:00
threatpost
threatpost
Volume of NTP Amplification Attacks Getting Louder
2014-04-29 13:03:29
PointDNS Recovers from Massive DDoS Attack
2014-05-12 15:35:26
NTP Amplification Blamed for 400 Gbps DDoS Attack
2014-02-11 12:21:35
securityvulns
securityvulns
ntp traffic amplification
2014-01-14 00:00:00
[security bulletin] HPSBUX02960 SSRT101419 rev.1 - HP-UX Running NTP, Remote Denial of Service (DoS)
2014-01-14 00:00:00
TA14-013A: NTP Amplification Attacks Using CVE-2013-5211
2014-01-14 00:00:00
checkpoint_advisories
checkpoint_advisories
NTP Servers Monlist Command Denial of Service (CVE-2013-5211)
2014-01-19 00:00:00
suse
suse
DDoS reflection attacks in ntp
2014-01-20 17:05:38
zdt
zdt
NTP ntpd monlist Query Reflection - Denial of Service
2014-04-29 00:00:00
cert
cert
NTP can be abused to amplify denial-of-service attack traffic
2014-01-10 00:00:00
NTP.org ntpd contains multiple denial of service vulnerabilities
2016-11-21 00:00:00
freebsd
freebsd
ntpd DRDoS / Amplification Attack using ntpdc monlist command
2014-01-01 00:00:00
FreeBSD -- Multiple vulnerabilities of ntp
2016-12-22 00:00:00
ntp -- multiple vulnerabilities
2016-11-21 00:00:00
prion
prion
Code injection
2017-01-13 16:59:00
Security feature bypass
2014-01-02 14:59:00
ubuntucve
ubuntucve
CVE-2016-9310
2017-01-13 00:00:00
CVE-2013-5211
2014-01-02 00:00:00
debiancve
debiancve
CVE-2016-9310
2017-01-13 16:59:00
CVE-2013-5211
2014-01-02 14:59:00
f5
f5
K87922456 : NTP vulnerability CVE-2016-9310
2016-12-22 00:00:00
SOL15154 - NTP vulnerability CVE-2013-5211
2014-04-10 00:00:00
K15154 : NTP vulnerability CVE-2013-5211
2014-04-10 00:00:00
aix
aix
Network Time Protocol (NTP) vulnerability in AIX,Network Time Protocol (NTP) vulnerability in VIOS
2014-06-12 16:24:51
There are multiple vulnerabilities in NTPv3 and NTPv4 that impact AIX.
2017-02-13 15:32:47
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2014:0937-1)
2021-06-09 00:00:00
Mageia: Security Advisory (MGASA-2014-0032)
2022-01-28 00:00:00
Slackware: Security Advisory (SSA:2014-044-02)
2022-04-21 00:00:00
amazon
amazon
Medium: ntp
2021-09-08 23:35:00
Medium: ntp
2017-01-04 17:00:00
Medium: ntp
2018-05-10 17:01:00
mageia
mageia
Updated ntp packages work around security vulnerability
2014-01-31 20:44:56
Updated ntp packages fix security vulnerabilities
2016-12-08 10:33:24
exploitpack
exploitpack
NTP ntpd monlist Query Reflection - Denial of Service
2014-04-28 00:00:00
packetstorm
packetstorm
NTP Amplification Denial Of Service Tool
2014-07-16 00:00:00
slackware
slackware
ntp
2014-02-13 16:38:35
[slackware-security] ntp
2016-11-21 19:25:10
oraclelinux
oraclelinux
ntp security update
2016-09-09 00:00:00
ntp security update
2016-09-09 00:00:00
ntp security update
2017-02-06 00:00:00
checkpoint_security
checkpoint_security
Blocking NTP access on Gaia OS / IPSO OS (CVE-2013-5211)
2014-03-01 22:00:00
fortinet
fortinet
FortiAnalyzer could potentially be used in NTP amplification attacks
2020-06-22 00:00:00
thn
thn
Abusing Network Time Protocol (NTP) to perform massive Reflection DDoS attack
2014-01-02 20:25:00
metasploit
metasploit
NTP Monitor List Scanner
2010-01-27 23:25:17
gentoo
gentoo
NTP: Traffic amplification
2014-01-16 00:00:00
ics
ics
NTP Reflection Attack
2018-09-06 12:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-14:02.ntpd
2014-01-14 00:00:00
FreeBSD-SA-16:39.ntp
2016-12-22 00:00:00
exploitdb
exploitdb
NTP ntpd monlist Query Reflection - Denial of Service
2014-04-28 00:00:00
vmware
vmware
VMware vSphere updates to third party libraries
2014-03-11 00:00:00
VMware vSphere updates to third party libraries
2014-03-11 00:00:00
seebug
seebug
Network Time Protocol Control Mode Unauthenticated Trap Information Disclosure and DDoS Amplification Vulnerability(CVE-2016-9310)
2017-10-11 00:00:00
talos
talos
Network Time Protocol Control Mode Unauthenticated Trap Information Disclosure and DDoS Amplification Vulnerability
2016-11-21 00:00:00
fedora
fedora
[SECURITY] Fedora 23 Update: ntp-4.2.6p5-43.fc23
2016-12-08 03:20:50
[SECURITY] Fedora 25 Update: ntp-4.2.6p5-43.fc25
2016-12-08 03:53:53
[SECURITY] Fedora 24 Update: ntp-4.2.6p5-43.fc24
2016-12-07 20:21:32
centos
centos
ntp, ntpdate, sntp security update
2017-02-06 11:25:17
redhat
redhat
(RHSA-2017:0252) Moderate: ntp security update
2017-02-06 03:59:03
huawei
huawei
Security Advisory - Multiple NTPd Vulnerabilities in Huawei Products
2017-11-29 00:00:00
ubuntu
ubuntu
NTP vulnerabilities
2019-01-23 00:00:00
NTP vulnerabilities
2017-07-05 00:00:00
archlinux
archlinux
[ASA-201611-28] ntp: multiple issues
2016-11-26 00:00:00
symantec
symantec
SA139 : November 2016 NTP Security Vulnerabilities
2017-01-12 08:00:00
cisco
cisco
Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: November 2016
2016-11-23 16:00:00
cloudfoundry
cloudfoundry
USN-3349-1: NTP vulnerabilities | Cloud Foundry
2017-08-04 00:00:00
JSON
Related for JUNIPER_JSA11171.NASL
veracode1ibm24cve2redhatcve1nessus69threatpost4securityvulns3checkpoint_advisories1suse1zdt1cert2freebsd3prion2ubuntucve2debiancve2f53aix2openvas35amazon4mageia2exploitpack1packetstorm1slackware2oraclelinux6checkpoint_security1fortinet1thn1metasploit1gentoo1ics1freebsd_advisory2exploitdb1vmware2seebug1talos1fedora3centos1redhat1huawei1ubuntu2archlinux1symantec1cisco1cloudfoundry1