6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
0.003 Low
EPSS
Percentile
68.1%
Junos OS is prone to a certification verification vulnerability.
# SPDX-FileCopyrightText: 2016 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/o:juniper:junos";
if (description)
{
script_oid("1.3.6.1.4.1.25623.1.0.106136");
script_version("2023-07-20T05:05:17+0000");
script_tag(name:"last_modification", value:"2023-07-20 05:05:17 +0000 (Thu, 20 Jul 2023)");
script_tag(name:"creation_date", value:"2016-07-14 10:16:23 +0700 (Thu, 14 Jul 2016)");
script_tag(name:"cvss_base", value:"6.4");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:N");
script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2017-09-01 01:29:00 +0000 (Fri, 01 Sep 2017)");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
script_cve_id("CVE-2016-1280");
script_name("Juniper Networks Junos OS Certification Validation Vulnerability");
script_category(ACT_GATHER_INFO);
script_family("JunOS Local Security Checks");
script_copyright("Copyright (C) 2016 Greenbone AG");
script_dependencies("gb_juniper_junos_consolidation.nasl");
script_mandatory_keys("juniper/junos/detected");
script_tag(name:"summary", value:"Junos OS is prone to a certification verification vulnerability.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable OS build is present on the target host.");
script_tag(name:"insight", value:"Junos OS runs PKId for certificate validation. When a peer device
presents a self-signed certificate as its end entity certificate with its issuer name matching one of the
valid CA certificates enrolled in Junos, the peer certificate validation is skipped and the peer certificate
is treated as valid.");
script_tag(name:"impact", value:"An attacker may be able to generate a specially crafted self-signed
certificate and bypass certificate validation.");
script_tag(name:"affected", value:"Junos OS 12.1, 12.3, 13.3, 14.1, 14.2 and 15.1");
script_tag(name:"solution", value:"New builds of Junos OS software are available from Juniper.");
script_xref(name:"URL", value:"http://kb.juniper.net/JSA10755");
exit(0);
}
include("host_details.inc");
include("revisions-lib.inc");
include("version_func.inc");
if (!version = get_app_version(cpe: CPE, nofork: TRUE))
exit(0);
if (revcomp(a: version, b: "12.1X44-D52") < 0) {
report = report_fixed_ver(installed_version: version, fixed_version: "12.1X44-D52");
security_message(port: 0, data: report);
exit(0);
}
if (version =~ "^12") {
if ((revcomp(a: version, b: "12.1X46-D37") < 0) &&
(revcomp(a: version, b: "12.1X46") >= 0)) {
report = report_fixed_ver(installed_version: version, fixed_version: "12.1X46-D37");
security_message(port: 0, data: report);
exit(0);
}
else if ((revcomp(a: version, b: "12.1X47-D30") < 0) &&
(revcomp(a: version, b: "12.1X47") >= 0)) {
report = report_fixed_ver(installed_version: version, fixed_version: "12.1X47-D30");
security_message(port: 0, data: report);
exit(0);
}
else if ((revcomp(a: version, b: "12.3R12") < 0) &&
(revcomp(a: version, b: "12.3R") >= 0)) {
report = report_fixed_ver(installed_version: version, fixed_version: "12.3R12");
security_message(port: 0, data: report);
exit(0);
}
else if ((revcomp(a: version, b: "12.3X48-D20") < 0) &&
(revcomp(a: version, b: "12.3X48") >= 0)) {
report = report_fixed_ver(installed_version: version, fixed_version: "12.3X48-D20");
security_message(port: 0, data: report);
exit(0);
}
}
if (version =~ "^13") {
if (revcomp(a: version, b: "13.3R10") < 0) {
report = report_fixed_ver(installed_version: version, fixed_version: "13.3R10");
security_message(port: 0, data: report);
exit(0);
}
}
if (version =~ "^14") {
if (revcomp(a: version, b: "14.1R8") < 0) {
report = report_fixed_ver(installed_version: version, fixed_version: "14.1R8");
security_message(port: 0, data: report);
exit(0);
}
else if ((revcomp(a: version, b: "14.1X53-D40") < 0) &&
(revcomp(a: version, b: "14.1X53") >= 0)) {
report = report_fixed_ver(installed_version: version, fixed_version: "14.1X53-D40");
security_message(port: 0, data: report);
exit(0);
}
else if ((revcomp(a: version, b: "14.2R7") < 0) &&
(revcomp(a: version, b: "14.2") >= 0)) {
report = report_fixed_ver(installed_version: version, fixed_version: "14.2R7");
security_message(port: 0, data: report);
exit(0);
}
}
if (version =~ "^15") {
if (revcomp(a: version, b: "15.1R4") < 0) {
report = report_fixed_ver(installed_version: version, fixed_version: "15.1R4");
security_message(port: 0, data: report);
exit(0);
}
else if ((revcomp(a: version, b: "15.1X49-D20") < 0) &&
(revcomp(a: version, b: "15.1X49") >= 0)) {
report = report_fixed_ver(installed_version: version, fixed_version: "15.1X49-D20");
security_message(port: 0, data: report);
exit(0);
}
else if ((revcomp(a: version, b: "15.1X53-D60") < 0) &&
(revcomp(a: version, b: "15.1X53") >= 0)) {
report = report_fixed_ver(installed_version: version, fixed_version: "15.1X53-D60");
security_message(port: 0, data: report);
exit(0);
}
}
exit(99);
6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
0.003 Low
EPSS
Percentile
68.1%