ID CVE-2018-0025
Summary When an SRX Series device is configured to use HTTP/HTTPS pass-through authentication services, a client sending authentication credentials in the initial HTTP/HTTPS session is at risk that these credentials may be captured during follow-on HTTP/HTTPS requests by a malicious actor, either through a man-in-the-middle attack or via authentic servers subverted by malicious actors. FTP and Telnet pass-through authentication services are not affected. Affected releases are Juniper Networks Junos OS on SRX Series: 12.1X46 versions prior to 12.1X46-D67; 12.3X48 versions prior to 12.3X48-D25; 15.1X49 versions prior to 15.1X49-D35.
Vulnerable Configurations
  • Juniper Junos 12.1X46
    cpe:2.3:o:juniper:junos:12.1x46
  • Juniper Junos 12.1X46-D10
    cpe:2.3:o:juniper:junos:12.1x46:d10
  • Juniper Junos 12.1X46-D15
    cpe:2.3:o:juniper:junos:12.1x46:d15
  • Juniper Junos 12.1X46-D20
    cpe:2.3:o:juniper:junos:12.1x46:d20
  • Juniper Junos 12.1X46-D25
    cpe:2.3:o:juniper:junos:12.1x46:d25
  • Juniper Junos 12.1X46-D30
    cpe:2.3:o:juniper:junos:12.1x46:d30
  • Juniper Junos 12.1X46-D35
    cpe:2.3:o:juniper:junos:12.1x46:d35
  • Juniper Junos 12.1X46-D40
    cpe:2.3:o:juniper:junos:12.1x46:d40
  • Juniper Junos 12.1X46-D45
    cpe:2.3:o:juniper:junos:12.1x46:d45
  • Juniper Junos 12.1X46-D50
    cpe:2.3:o:juniper:junos:12.1x46:d50
  • Juniper Junos 12.1X46-D55
    cpe:2.3:o:juniper:junos:12.1x46:d55
  • Juniper Junos 12.1X46-D60
    cpe:2.3:o:juniper:junos:12.1x46:d60
  • Juniper Junos 12.1X46-D65
    cpe:2.3:o:juniper:junos:12.1x46:d65
  • Juniper Junos 12.1X46-D66
    cpe:2.3:o:juniper:junos:12.1x46:d66
  • Juniper SRX100
    cpe:2.3:h:juniper:srx100
  • Juniper SRX110
    cpe:2.3:h:juniper:srx110
  • Juniper SRX1400
    cpe:2.3:h:juniper:srx1400
  • Juniper SRX1500
    cpe:2.3:h:juniper:srx1500
  • Juniper SRX210
    cpe:2.3:h:juniper:srx210
  • Juniper SRX220
    cpe:2.3:h:juniper:srx220
  • Juniper SRX240
    cpe:2.3:h:juniper:srx240
  • Juniper SRX300
    cpe:2.3:h:juniper:srx300
  • Juniper SRX320
    cpe:2.3:h:juniper:srx320
  • Juniper SRX340
    cpe:2.3:h:juniper:srx340
  • Juniper SRX3400
    cpe:2.3:h:juniper:srx3400
  • Juniper SRX345
    cpe:2.3:h:juniper:srx345
  • Juniper SRX3600
    cpe:2.3:h:juniper:srx3600
  • Juniper SRX4100
    cpe:2.3:h:juniper:srx4100
  • Juniper SRX4200
    cpe:2.3:h:juniper:srx4200
  • Juniper SRX5400
    cpe:2.3:h:juniper:srx5400
  • Juniper SRX550
    cpe:2.3:h:juniper:srx550
  • Juniper SRX5600
    cpe:2.3:h:juniper:srx5600
  • Juniper SRX5800
    cpe:2.3:h:juniper:srx5800
  • Juniper SRX650
    cpe:2.3:h:juniper:srx650
  • Juniper Junos 12.3X48
    cpe:2.3:o:juniper:junos:12.3x48
  • Juniper Junos 12.3X48-D10
    cpe:2.3:o:juniper:junos:12.3x48:d10
  • Juniper Junos 12.3X48-D15
    cpe:2.3:o:juniper:junos:12.3x48:d15
  • Juniper Junos 12.3X48-D20
    cpe:2.3:o:juniper:junos:12.3x48:d20
  • Juniper SRX100
    cpe:2.3:h:juniper:srx100
  • Juniper SRX110
    cpe:2.3:h:juniper:srx110
  • Juniper SRX1400
    cpe:2.3:h:juniper:srx1400
  • Juniper SRX1500
    cpe:2.3:h:juniper:srx1500
  • Juniper SRX210
    cpe:2.3:h:juniper:srx210
  • Juniper SRX220
    cpe:2.3:h:juniper:srx220
  • Juniper SRX240
    cpe:2.3:h:juniper:srx240
  • Juniper SRX300
    cpe:2.3:h:juniper:srx300
  • Juniper SRX320
    cpe:2.3:h:juniper:srx320
  • Juniper SRX340
    cpe:2.3:h:juniper:srx340
  • Juniper SRX3400
    cpe:2.3:h:juniper:srx3400
  • Juniper SRX345
    cpe:2.3:h:juniper:srx345
  • Juniper SRX3600
    cpe:2.3:h:juniper:srx3600
  • Juniper SRX4100
    cpe:2.3:h:juniper:srx4100
  • Juniper SRX4200
    cpe:2.3:h:juniper:srx4200
  • Juniper SRX5400
    cpe:2.3:h:juniper:srx5400
  • Juniper SRX550
    cpe:2.3:h:juniper:srx550
  • Juniper SRX5600
    cpe:2.3:h:juniper:srx5600
  • Juniper SRX5800
    cpe:2.3:h:juniper:srx5800
  • Juniper SRX650
    cpe:2.3:h:juniper:srx650
  • Juniper Junos 15.1X49
    cpe:2.3:o:juniper:junos:15.1x49
  • Juniper Junos 15.1X49-D10
    cpe:2.3:o:juniper:junos:15.1x49:d10
  • Juniper Junos 15.1X49-D20
    cpe:2.3:o:juniper:junos:15.1x49:d20
  • Juniper Junos 15.1X49-D30
    cpe:2.3:o:juniper:junos:15.1x49:d30
  • Juniper SRX100
    cpe:2.3:h:juniper:srx100
  • Juniper SRX110
    cpe:2.3:h:juniper:srx110
  • Juniper SRX1400
    cpe:2.3:h:juniper:srx1400
  • Juniper SRX1500
    cpe:2.3:h:juniper:srx1500
  • Juniper SRX210
    cpe:2.3:h:juniper:srx210
  • Juniper SRX220
    cpe:2.3:h:juniper:srx220
  • Juniper SRX240
    cpe:2.3:h:juniper:srx240
  • Juniper SRX300
    cpe:2.3:h:juniper:srx300
  • Juniper SRX320
    cpe:2.3:h:juniper:srx320
  • Juniper SRX340
    cpe:2.3:h:juniper:srx340
  • Juniper SRX3400
    cpe:2.3:h:juniper:srx3400
  • Juniper SRX345
    cpe:2.3:h:juniper:srx345
  • Juniper SRX3600
    cpe:2.3:h:juniper:srx3600
  • Juniper SRX4100
    cpe:2.3:h:juniper:srx4100
  • Juniper SRX4200
    cpe:2.3:h:juniper:srx4200
  • Juniper SRX5400
    cpe:2.3:h:juniper:srx5400
  • Juniper SRX550
    cpe:2.3:h:juniper:srx550
  • Juniper SRX5600
    cpe:2.3:h:juniper:srx5600
  • Juniper SRX5800
    cpe:2.3:h:juniper:srx5800
  • Juniper SRX650
    cpe:2.3:h:juniper:srx650
CVSS
Base: 4.3
CWE CWE-255
nessus via4
NASL family Junos Local Security Checks
NASL id JUNIPER_JSA10858.NASL
description According to its self-reported version number, the remote Junos device is affected by a remote information disclosure vulnerability.
last seen 2018-07-21
modified 2018-07-20
plugin id 111205
published 2018-07-20
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=111205
title Juniper Junos HTTP/HTTPS Firewall User Authentication Remote Information Disclosure (JSA10858)
refmap via4
bid 104719
confirm https://kb.juniper.net/JSA10858
sectrack 1041316
Last major update 11-07-2018 - 14:29
Published 11-07-2018 - 14:29
Last modified 11-09-2018 - 09:16