Junos OS on QFX and EX series is prone to an information
disclosure vulnerability also known as
# SPDX-FileCopyrightText: 2017 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/o:juniper:junos";
if (description)
{
script_oid("1.3.6.1.4.1.25623.1.0.106508");
script_version("2023-11-03T05:05:46+0000");
script_tag(name:"last_modification", value:"2023-11-03 05:05:46 +0000 (Fri, 03 Nov 2023)");
script_tag(name:"creation_date", value:"2017-01-12 09:12:17 +0700 (Thu, 12 Jan 2017)");
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2019-05-10 14:11:00 +0000 (Fri, 10 May 2019)");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
# nb: CVE-2003-0001 is the CVE for the "original" Etherleak flaw
script_cve_id("CVE-2003-0001", "CVE-2017-2304");
script_name("Juniper Networks Junos OS QFX and EX Series Information Disclosure Vulnerability (JSA10773, Etherleak)");
script_category(ACT_GATHER_INFO);
script_family("JunOS Local Security Checks");
script_copyright("Copyright (C) 2017 Greenbone AG");
script_dependencies("gb_juniper_junos_consolidation.nasl");
script_mandatory_keys("juniper/junos/detected", "juniper/junos/model");
script_tag(name:"summary", value:"Junos OS on QFX and EX series is prone to an information
disclosure vulnerability also known as 'Etherleak'.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable OS build is present on the target host.");
script_tag(name:"insight", value:"QFX3500, QFX3600, QFX5100, QFX5200, EX4300 and EX4600 devices do
not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory
or data from previous packets. This issue is also known as 'Etherleak' and often detected as
CVE-2003-0001.");
script_tag(name:"impact", value:"An attacker may gain some sensitive information.");
script_tag(name:"affected", value:"Junos OS 14.1 and 15.1 on specific QFX and EX devices.");
script_tag(name:"solution", value:"New builds of Junos OS software are available from Juniper.");
script_xref(name:"URL", value:"http://kb.juniper.net/JSA10773");
exit(0);
}
include("host_details.inc");
include("revisions-lib.inc");
include("version_func.inc");
model = get_kb_item("juniper/junos/model");
if (!model || (model !~ "^QFX(35|36|51|52)00" && model !~ "^EX(43|46)00"))
exit(99);
if (!version = get_app_version(cpe: CPE, nofork: TRUE))
exit(0);
if ((revcomp(a: version, b: "14.1X53-D40") < 0) &&
(revcomp(a: version, b: "14.1X53") >= 0)) {
report = report_fixed_ver(installed_version: version, fixed_version: "14.1X53-D40");
security_message(port: 0, data: report);
exit(0);
}
if ((revcomp(a: version, b: "15.1X53-D40") < 0) &&
(revcomp(a: version, b: "15.1X53") >= 0)) {
report = report_fixed_ver(installed_version: version, fixed_version: "15.1X53-D40");
security_message(port: 0, data: report);
exit(0);
}
exit(99);