Juniper Networks Junos OS QFX and EX Series Information Disclosure Vulnerability (JSA10773, Etherleak)

2017-01-1200:00:00

plugins.openvas.org

7.4 High

AI Score

Confidence

High

0.026 Low

EPSS

Percentile

90.3%

JSON

Junos OS on QFX and EX series is prone to an information
disclosure vulnerability also known as

# SPDX-FileCopyrightText: 2017 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/o:juniper:junos";

if (description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.106508");
  script_version("2023-11-03T05:05:46+0000");
  script_tag(name:"last_modification", value:"2023-11-03 05:05:46 +0000 (Fri, 03 Nov 2023)");
  script_tag(name:"creation_date", value:"2017-01-12 09:12:17 +0700 (Thu, 12 Jan 2017)");
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2019-05-10 14:11:00 +0000 (Fri, 10 May 2019)");

  script_tag(name:"qod_type", value:"package");

  script_tag(name:"solution_type", value:"VendorFix");

  # nb: CVE-2003-0001 is the CVE for the "original" Etherleak flaw
  script_cve_id("CVE-2003-0001", "CVE-2017-2304");

  script_name("Juniper Networks Junos OS QFX and EX Series Information Disclosure Vulnerability (JSA10773, Etherleak)");

  script_category(ACT_GATHER_INFO);

  script_family("JunOS Local Security Checks");
  script_copyright("Copyright (C) 2017 Greenbone AG");
  script_dependencies("gb_juniper_junos_consolidation.nasl");
  script_mandatory_keys("juniper/junos/detected", "juniper/junos/model");

  script_tag(name:"summary", value:"Junos OS on QFX and EX series is prone to an information
  disclosure vulnerability also known as 'Etherleak'.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable OS build is present on the target host.");

  script_tag(name:"insight", value:"QFX3500, QFX3600, QFX5100, QFX5200, EX4300 and EX4600 devices do
  not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory
  or data from previous packets. This issue is also known as 'Etherleak' and often detected as
  CVE-2003-0001.");

  script_tag(name:"impact", value:"An attacker may gain some sensitive information.");

  script_tag(name:"affected", value:"Junos OS 14.1 and 15.1 on specific QFX and EX devices.");

  script_tag(name:"solution", value:"New builds of Junos OS software are available from Juniper.");

  script_xref(name:"URL", value:"http://kb.juniper.net/JSA10773");

  exit(0);
}

include("host_details.inc");
include("revisions-lib.inc");
include("version_func.inc");

model = get_kb_item("juniper/junos/model");
if (!model || (model !~ "^QFX(35|36|51|52)00" && model !~ "^EX(43|46)00"))
  exit(99);

if (!version = get_app_version(cpe: CPE, nofork: TRUE))
  exit(0);

if ((revcomp(a: version, b: "14.1X53-D40") < 0) &&
    (revcomp(a: version, b: "14.1X53") >= 0)) {
  report = report_fixed_ver(installed_version: version, fixed_version: "14.1X53-D40");
  security_message(port: 0, data: report);
  exit(0);
}

if ((revcomp(a: version, b: "15.1X53-D40") < 0) &&
    (revcomp(a: version, b: "15.1X53") >= 0)) {
  report = report_fixed_ver(installed_version: version, fixed_version: "15.1X53-D40");
  security_message(port: 0, data: report);
  exit(0);
}

exit(99);