Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2016 Greenbone AGOPENVAS:1361412562310106136
HistoryJul 14, 2016 - 12:00 a.m.

Juniper Networks Junos OS Certification Validation Vulnerability

2016-07-1400:00:00
Copyright (C) 2016 Greenbone AG
plugins.openvas.org
12

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

0.003 Low

EPSS

Percentile

68.1%

JSON

Junos OS is prone to a certification verification vulnerability.

# SPDX-FileCopyrightText: 2016 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/o:juniper:junos";

if (description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.106136");
  script_version("2023-07-20T05:05:17+0000");
  script_tag(name:"last_modification", value:"2023-07-20 05:05:17 +0000 (Thu, 20 Jul 2023)");
  script_tag(name:"creation_date", value:"2016-07-14 10:16:23 +0700 (Thu, 14 Jul 2016)");
  script_tag(name:"cvss_base", value:"6.4");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:N");
  script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2017-09-01 01:29:00 +0000 (Fri, 01 Sep 2017)");

  script_tag(name:"qod_type", value:"package");

  script_tag(name:"solution_type", value:"VendorFix");

  script_cve_id("CVE-2016-1280");

  script_name("Juniper Networks Junos OS Certification Validation Vulnerability");

  script_category(ACT_GATHER_INFO);

  script_family("JunOS Local Security Checks");
  script_copyright("Copyright (C) 2016 Greenbone AG");
  script_dependencies("gb_juniper_junos_consolidation.nasl");
  script_mandatory_keys("juniper/junos/detected");

  script_tag(name:"summary", value:"Junos OS is prone to a certification verification vulnerability.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable OS build is present on the target host.");

  script_tag(name:"insight", value:"Junos OS runs PKId for certificate validation. When a peer device
presents a self-signed certificate as its end entity certificate with its issuer name matching one of the
valid CA certificates enrolled in Junos, the peer certificate validation is skipped and the peer certificate
is treated as valid.");

  script_tag(name:"impact", value:"An attacker may be able to generate a specially crafted self-signed
certificate and bypass certificate validation.");

  script_tag(name:"affected", value:"Junos OS 12.1, 12.3, 13.3, 14.1, 14.2 and 15.1");

  script_tag(name:"solution", value:"New builds of Junos OS software are available from Juniper.");

  script_xref(name:"URL", value:"http://kb.juniper.net/JSA10755");

  exit(0);
}

include("host_details.inc");
include("revisions-lib.inc");
include("version_func.inc");

if (!version = get_app_version(cpe: CPE, nofork: TRUE))
  exit(0);

if (revcomp(a: version, b: "12.1X44-D52") < 0) {
  report = report_fixed_ver(installed_version: version, fixed_version: "12.1X44-D52");
  security_message(port: 0, data: report);
  exit(0);
}

if (version =~ "^12") {
  if ((revcomp(a: version, b: "12.1X46-D37") < 0) &&
      (revcomp(a: version, b: "12.1X46") >= 0)) {
    report = report_fixed_ver(installed_version: version, fixed_version: "12.1X46-D37");
    security_message(port: 0, data: report);
    exit(0);
  }
  else if ((revcomp(a: version, b: "12.1X47-D30") < 0) &&
           (revcomp(a: version, b: "12.1X47") >= 0)) {
    report = report_fixed_ver(installed_version: version, fixed_version: "12.1X47-D30");
    security_message(port: 0, data: report);
    exit(0);
  }
  else if ((revcomp(a: version, b: "12.3R12") < 0) &&
           (revcomp(a: version, b: "12.3R") >= 0)) {
    report = report_fixed_ver(installed_version: version, fixed_version: "12.3R12");
    security_message(port: 0, data: report);
    exit(0);
  }
  else if ((revcomp(a: version, b: "12.3X48-D20") < 0) &&
           (revcomp(a: version, b: "12.3X48") >= 0)) {
    report = report_fixed_ver(installed_version: version, fixed_version: "12.3X48-D20");
    security_message(port: 0, data: report);
    exit(0);
  }
}

if (version =~ "^13") {
  if (revcomp(a: version, b: "13.3R10") < 0) {
    report = report_fixed_ver(installed_version: version, fixed_version: "13.3R10");
    security_message(port: 0, data: report);
    exit(0);
  }
}

if (version =~ "^14") {
  if (revcomp(a: version, b: "14.1R8") < 0) {
    report = report_fixed_ver(installed_version: version, fixed_version: "14.1R8");
    security_message(port: 0, data: report);
    exit(0);
  }
  else if ((revcomp(a: version, b: "14.1X53-D40") < 0) &&
           (revcomp(a: version, b: "14.1X53") >= 0)) {
    report = report_fixed_ver(installed_version: version, fixed_version: "14.1X53-D40");
    security_message(port: 0, data: report);
    exit(0);
  }
  else if ((revcomp(a: version, b: "14.2R7") < 0) &&
           (revcomp(a: version, b: "14.2") >= 0)) {
    report = report_fixed_ver(installed_version: version, fixed_version: "14.2R7");
    security_message(port: 0, data: report);
    exit(0);
  }
}

if (version =~ "^15") {
  if (revcomp(a: version, b: "15.1R4") < 0) {
    report = report_fixed_ver(installed_version: version, fixed_version: "15.1R4");
    security_message(port: 0, data: report);
    exit(0);
  }
  else if ((revcomp(a: version, b: "15.1X49-D20") < 0) &&
           (revcomp(a: version, b: "15.1X49") >= 0)) {
    report = report_fixed_ver(installed_version: version, fixed_version: "15.1X49-D20");
    security_message(port: 0, data: report);
    exit(0);
  }
  else if ((revcomp(a: version, b: "15.1X53-D60") < 0) &&
           (revcomp(a: version, b: "15.1X53") >= 0)) {
    report = report_fixed_ver(installed_version: version, fixed_version: "15.1X53-D60");
    security_message(port: 0, data: report);
    exit(0);
  }
}

exit(99);

Related

cve 1
nvd 1
prion 1
nessus 1
cvelist 1
threatpost 1
cve
cve
CVE-2016-1280
2016-09-09 14:05:06
nvd
nvd
CVE-2016-1280
2016-09-09 14:05:06
prion
prion
Design/Logic Flaw
2016-09-09 14:05:00
nessus
nessus
Juniper Junos Certificate Validation Bypass (JSA10755)
2016-07-22 00:00:00
cvelist
cvelist
CVE-2016-1280
2016-09-09 14:00:00
threatpost
threatpost
Juniper Crypto Bug Let Attackers Eavesdrop on Router, Switch Traffic
2016-07-15 16:20:15

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

0.003 Low

EPSS

Percentile

68.1%

JSON
Related for OPENVAS:1361412562310106136
cve1nvd1prion1nessus1cvelist1threatpost1