Juniper Networks Junos OS Denial of Service Vulnerability for New Dynamic VPN Connections

2014-05-0200:00:00

plugins.openvas.org

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.8 Medium

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.5%

JSON

Denial of Service Vulnerability for new dynamic VPN connections.

# SPDX-FileCopyrightText: 2014 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/o:juniper:junos";

if (description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.105906");
  script_version("2023-07-27T05:05:08+0000");
  script_tag(name:"last_modification", value:"2023-07-27 05:05:08 +0000 (Thu, 27 Jul 2023)");
  script_tag(name:"creation_date", value:"2014-05-02 11:08:01 +0700 (Fri, 02 May 2014)");
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");

  script_tag(name:"qod_type", value:"package");

  script_tag(name:"solution_type", value:"VendorFix");

  script_cve_id("CVE-2014-0612");

  script_name("Juniper Networks Junos OS Denial of Service Vulnerability for New Dynamic VPN Connections");

  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2014 Greenbone AG");
  script_family("JunOS Local Security Checks");
  script_dependencies("gb_juniper_junos_consolidation.nasl");
  script_mandatory_keys("juniper/junos/detected", "juniper/junos/model", "juniper/junos/build");

  script_tag(name:"summary", value:"Denial of Service Vulnerability for new dynamic VPN connections.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable OS build is present on the target host.");

  script_tag(name:"insight", value:"On Branch SRX Series service gateways, when Dynamic IPsec VPN is
configured, a remote unauthenticated user may cause a denial of service condition where new Dynamic VPN
connections may fail for other users. This issue may also lead to high CPU consumption and disk usage which
may cause other complications.");

  script_tag(name:"impact", value:"A remote unauthenticated user may cause a denial of service
condition where new Dynamic VPN connections may fail for other users.");

  script_tag(name:"affected", value:"Junos OS 11.4 and 12.1.");

  script_tag(name:"solution", value:"New builds of Junos OS software are available from Juniper. As a
workaround disable dynamic IPSec VPN.");

  script_xref(name:"URL", value:"http://kb.juniper.net/JSA10620");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/66759");

  exit(0);
}

include("host_details.inc");
include("revisions-lib.inc");

model = get_kb_item("juniper/junos/model");
if (!model || (model !~ '^SRX(10|11|21|22|24|55|65)0(-[A-Z]+)?$'))
  exit(99);

if (!version = get_app_version(cpe: CPE, nofork: TRUE))
  exit(0);

build = get_kb_item("juniper/junos/build");
if (!build)
  exit(0);

desc += "Version/Build-Date:
" + version + " / " + build;

build2check = str_replace(string:build, find:"-", replace:"");

if (revcomp(a:build2check, b:"20140219") >= 0) {
  exit(99);
}

if (revcomp(a:version, b:"11.4R10-S1") < 0) {
  security_message(port:0, data:desc);
  exit(0);
}

if (version =~ "^12\.1X") {
  if (revcomp(a:version, b:"12.1X44-D30") < 0) {
    security_message(port:0, data:desc);
    exit(0);
  }
  else if ((revcomp(a:version, b:"12.1X45-D20") < 0) &&
           (revcomp(a:version, b:"12.1X45") >= 0)) {
    security_message(port:0, data:desc);
  }
  else if ((revcomp(a:version, b:"12.1X45-D20") < 0) &&
           (revcomp(a:version, b:"12.1X45") >= 0)) {
    security_message(port:0, data:desc);
  }
  else if ((revcomp(a:version, b:"12.1X46-D10") < 0) &&
           (revcomp(a:version, b:"12.1X46") >= 0)) {
    security_message(port:0, data:desc);
  }
}

exit(99);