7.8 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
6.6 Medium
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
64.5%
Junos OS is prone to a denial of service (DoS) vulnerability. on the SSH
server.
# SPDX-FileCopyrightText: 2015 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/o:juniper:junos";
if (description)
{
script_oid("1.3.6.1.4.1.25623.1.0.106038");
script_version("2023-07-25T05:05:58+0000");
script_tag(name:"last_modification", value:"2023-07-25 05:05:58 +0000 (Tue, 25 Jul 2023)");
script_tag(name:"creation_date", value:"2015-11-23 10:20:35 +0700 (Mon, 23 Nov 2015)");
script_tag(name:"cvss_base", value:"7.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:C");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
script_cve_id("CVE-2015-7752");
script_name("Juniper Networks Junos OS SSH Denial of Service Vulnerability");
script_category(ACT_GATHER_INFO);
script_family("JunOS Local Security Checks");
script_copyright("Copyright (C) 2015 Greenbone AG");
script_dependencies("gb_juniper_junos_consolidation.nasl");
script_mandatory_keys("juniper/junos/detected");
script_tag(name:"summary", value:"Junos OS is prone to a denial of service (DoS) vulnerability. on the SSH
server.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable OS build is present on the target host.");
script_tag(name:"insight", value:"The SSH server used in Junos allows an unauthenticated remote
attacker to consume large amounts of CPU time prior to authentication, possibly leading to a partial
DoS attack. The attacker must be able to reach the device via SSH through any existing access lists
or firewall filters, and the issue only occurs if SSH is enabled.");
script_tag(name:"impact", value:"An unauthenticated remote attacker can leverage a DoS attack.");
script_tag(name:"affected", value:"Junos OS 12.1, 12.3, 13.2, 13.3, 14.1 and 14.2");
script_tag(name:"solution", value:"New builds of Junos OS software are available from Juniper.");
script_xref(name:"URL", value:"http://kb.juniper.net/JSA10708");
exit(0);
}
include("host_details.inc");
include("revisions-lib.inc");
if (!version = get_app_version(cpe: CPE, nofork: TRUE))
exit(0);
if (version =~ "^12") {
if ((revcomp(a: version, b: "12.1X44-D50") < 0) &&
(revcomp(a: version, b: "12.1X44") >= 0)) {
security_message(port: 0, data: version);
exit(0);
}
else if ((revcomp(a: version, b: "12.1X46-D35") < 0) &&
(revcomp(a: version, b: "12.1X46") >= 0)) {
security_message(port: 0, data: version);
exit(0);
}
else if ((revcomp(a: version, b: "12.1X47-D25") < 0) &&
(revcomp(a: version, b: "12.1X47") >= 0)) {
security_message(port: 0, data: version);
exit(0);
}
else if ((revcomp(a: version, b: "12.3R10") < 0) &&
(revcomp(a: version, b: "12.3") >= 0)) {
security_message(port: 0, data: version);
exit(0);
}
else if ((revcomp(a: version, b: "12.3X48-D10") < 0) &&
(revcomp(a: version, b: "12.3X") >= 0)) {
security_message(port: 0, data: version);
exit(0);
}
}
if (version =~ "^13") {
if (revcomp(a: version, b: "13.2R8") < 0) {
security_message(port: 0, data: version);
exit(0);
}
else if ((revcomp(a: version, b: "13.2X51-D35") < 0) &&
(revcomp(a: version, b: "13.2X") >= 0)) {
security_message(port: 0, data: version);
exit(0);
}
else if ((revcomp(a: version, b: "13.3R6") < 0) &&
(revcomp(a: version, b: "13.3") >= 0)) {
security_message(port: 0, data: version);
exit(0);
}
}
if (version =~ "^14") {
if (revcomp(a: version, b: "14.1R5") < 0) {
security_message(port: 0, data: version);
exit(0);
}
else if ((revcomp(a: version, b: "14.1X53-D25") < 0) &&
(revcomp(a: version, b: "14.1X") >= 0)) {
security_message(port: 0, data: version);
exit(0);
}
else if ((revcomp(a: version, b: "14.2R3") < 0) &&
(revcomp(a: version, b: "14.2") >= 0)) {
security_message(port: 0, data: version);
exit(0);
}
}
exit(99);