Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.JUNIPER_JSA69720.NASL
HistoryJul 21, 2022 - 12:00 a.m.

Juniper Junos Information Exposure (JSA69720)

2022-07-2100:00:00
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
19
juniper junos os
multiple vulnerabilities
jsa69720
network interface card
pfe
unauthorized access
sensitive information
cve-2003-0001
cve-2022-22216
etherleak
remote attackers
unauthorized actor
kernel memory
ethernet packets
ptx series
qfx10k series
system memory
data leakage

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

5.2

Confidence

High

EPSS

0.026

Percentile

90.4%

JSON

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the PFE of Juniper Networks Junos OS on PTX Series and QFX10k Series allows an adjacent unauthenticated attacker to gain access to sensitive information. PTX1000 and PTX10000 Series, and QFX10000 Series and PTX5000 Series devices sometimes do not reliably pad Ethernet packets, and thus some packets can contain fragments of system memory or data from previous packets. This issue is also known as ‘Etherleak’ and often detected as CVE-2003-0001.

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

File data juniper_JSA69720.nasl

Related

exploitpack 3
ubuntucve 1
securityvulns 7
seebug 4
packetstorm 2
cert 2
cvelist 5
nvd 5
nessus 19
exploitdb 3
zdt 2
cve 5
openvas 14
paloalto 1
prion 4
osv 6
debian 9
oracle 1
exploitpack
exploitpack
Ethernet Device Drivers Frame Padding - Etherleak Infomation Leakage
2007-03-23 00:00:00
Cisco ASA 8.4.4.6 8.2.5.32 - Ethernet Information Leak
2013-06-10 00:00:00
Linux Kernel 2.0.x2.2.x2.4.x (FreeBSD 4.x) - Network Device Driver Frame Padding Information Disclosure
2007-03-23 00:00:00
ubuntucve
ubuntucve
CVE-2003-0001
2003-01-17 00:00:00
securityvulns
securityvulns
[Full-Disclosure] IRIX Update Some Network Drivers May Leak Data
2004-04-03 00:00:00
Ethernet frame padding information leakage
2005-10-13 00:00:00
Etherleak: Ethernet frame padding information leakage (A010603-1)
2003-01-08 00:00:00
seebug
seebug
Linux Kernel 2.0.x/2.2.x/2.4.x,FreeBSD 4.x Network Device Driver Frame Padding Information Disclosure
2014-07-01 00:00:00
Cisco ASA < 8.4.4.6 & 8.2.5.32 - Ethernet Information Leak
2014-07-01 00:00:00
Ethernet Device Drivers Frame Padding - Info Leakage Exploit (Etherleak)
2014-07-01 00:00:00
packetstorm
packetstorm
etherleak.txt
2007-03-24 00:00:00
Cisco ASA Ethernet Information Leak
2013-06-10 00:00:00
cert
cert
Network device drivers reuse old frame buffer data to pad packets
2003-01-06 00:00:00
ptrace contains vulnerability allowing for local root compromise
2004-04-16 00:00:00
cvelist
cvelist
CVE-2003-0001
2003-01-08 05:00:00
CVE-2018-0014 ScreenOS: Etherleak vulnerability found on ScreenOS device
2018-01-10 22:00:00
CVE-2013-4690
2013-07-11 14:00:00
nvd
nvd
CVE-2003-0001
2003-01-17 05:00:00
CVE-2013-4690
2013-07-11 14:55:01
CVE-2021-3031
2021-01-13 18:15:14
nessus
nessus
Solaris 10 (x86) : 125907-02 (deprecated)
2013-09-15 00:00:00
Multiple Ethernet Driver Frame Padding Information Disclosure (Etherleak)
2003-01-14 00:00:00
HP-UX PHNE_29267 : HPSBUX0305-261 SSRT3451 Potential Security Vulnerability in HP-UX network drivers (Data Leakage) (rev. 01)
2005-03-18 00:00:00
exploitdb
exploitdb
Ethernet Device Drivers Frame Padding - &#039;Etherleak&#039; Infomation Leakage
2007-03-23 00:00:00
Linux Kernel 2.0.x/2.2.x/2.4.x (FreeBSD 4.x) - Network Device Driver Frame Padding Information Disclosure
2007-03-23 00:00:00
Cisco ASA &lt; 8.4.4.6 &lt; 8.2.5.32 - Ethernet Information Leak
2013-06-10 00:00:00
zdt
zdt
Cisco ASA < 8.4.4.6|8.2.5.32 Ethernet Information Leak
2013-06-10 00:00:00
Ethernet Device Drivers Frame Padding Info Leakage Expl (Etherleak)
2007-03-23 00:00:00
cve
cve
CVE-2003-0001
2003-01-17 05:00:00
CVE-2021-3031
2021-01-13 18:15:14
CVE-2018-0014
2018-01-10 22:29:01
openvas
openvas
Juniper Networks Junos OS QFX and EX Series Information Disclosure Vulnerability (JSA10773, Etherleak)
2017-01-12 00:00:00
ICMP 'Etherleak' Information Disclosure
2021-08-23 00:00:00
Debian Security Advisory DSA 336-1 (kernel-source-2.2.20, kernel-image-2.2.20-i386)
2008-01-17 00:00:00
paloalto
paloalto
PAN-OS: Information exposure in Ethernet data frame construction (Etherleak)
2021-01-13 17:00:00
prion
prion
Design/Logic Flaw
2018-01-10 22:29:00
Code injection
2022-07-20 15:15:00
Information disclosure
2021-01-13 18:15:00
osv
osv
linux-kernel-2.4.18 - several vulnerabilities
2003-06-08 00:00:00
kernel-patch-2.4.18-powerpc - several vulnerabilities
2003-06-09 00:00:00
linux-kernel-2.4.17 - several vulnerabilities
2003-06-27 00:00:00
debian
debian
[SECURITY] [DSA-336-2] Factual correction for DSA-336-1
2003-06-30 21:32:58
[SECURITY] [DSA 442-1] New Linux 2.4.17 packages fix local root exploits and more (s390)
2004-02-19 09:24:37
[SECURITY] [DSA 442-1] New Linux 2.4.17 packages fix local root exploits and more (s390)
2004-02-19 09:24:37
oracle
oracle
Oracle Critical Patch Update Advisory - January 2015
2015-03-10 00:00:00

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

5.2

Confidence

High

EPSS

0.026

Percentile

90.4%

JSON
Related for JUNIPER_JSA69720.NASL
exploitpack3ubuntucve1securityvulns7seebug4packetstorm2cert2cvelist5nvd5nessus19exploitdb3zdt2cve5openvas14paloalto1prion4osv6debian9oracle1