cvelistv5 - cve-2018-0023

CVE-2018-0023 (GCVE-0-2018-0023)

Vulnerability from cvelistv5

Published

2018-04-11 19:00

Modified

2024-09-16 16:13

Severity ?

5.5 (Medium) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CWE

insecure file permission

Summary

References

URL

	Vendor	Product	Version
	Juniper Networks	Junos Snapshot Administrator (JSNAPy)	Version: all < 1.3.0

pysec-2018-84

Vulnerability from pysec

Published

2018-04-11 19:29

Modified

2021-08-27 03:22

Details

Impacted products

Name	purl
jsnapy	pkg:pypi/jsnapy

Aliases

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "jsnapy",
        "purl": "pkg:pypi/jsnapy"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.3.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.0.0",
        "1.1.0",
        "1.2.0",
        "1.2.1",
        "1.2.2"
      ]
    }
  ],
  "aliases": [
    "CVE-2018-0023",
    "GHSA-qc55-vm3j-74gp"
  ],
  "details": "JSNAPy is an open source python version of Junos Snapshot Administrator developed by Juniper available through github. The default configuration and sample files of JSNAPy automation tool versions prior to 1.3.0 are created world writable. This insecure file and directory permission allows unprivileged local users to alter the files under this directory including inserting operations not intended by the package maintainer, system administrator, or other users. This issue only affects users who downloaded and installed JSNAPy from github.",
  "id": "PYSEC-2018-84",
  "modified": "2021-08-27T03:22:05.101975Z",
  "published": "2018-04-11T19:29:00Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://kb.juniper.net/JSA10856"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/103745"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-qc55-vm3j-74gp"
    }
  ]
}

fkie_cve-2018-0023

Vulnerability from fkie_nvd

Published

2018-04-11 19:29

Modified

2024-11-21 03:37

Severity ?

5.5 (Medium) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
5.5 (Medium) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Summary

References

URL	Tags
sirt@juniper.net	http://www.securityfocus.com/bid/103745	Third Party Advisory, VDB Entry
sirt@juniper.net	https://kb.juniper.net/JSA10856	Mitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/103745	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://kb.juniper.net/JSA10856	Mitigation, Vendor Advisory

Impacted products

	Vendor	Product	Version
	juniper	jsnapy	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:juniper:jsnapy:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A217671-6439-45AD-9091-877E5B048A5C",
              "versionEndExcluding": "1.3.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "JSNAPy is an open source python version of Junos Snapshot Administrator developed by Juniper available through github. The default configuration and sample files of JSNAPy automation tool versions prior to 1.3.0 are created world writable. This insecure file and directory permission allows unprivileged local users to alter the files under this directory including inserting operations not intended by the package maintainer, system administrator, or other users. This issue only affects users who downloaded and installed JSNAPy from github."
    },
    {
      "lang": "es",
      "value": "JSNAPy es una versi\u00f3n de c\u00f3digo abierto para Python de Junos Snapshot Administrator desarrollada por Juniper y disponible en github. La configuraci\u00f3n por defecto y los archivos de muestra de la herramienta de automatizaci\u00f3n JSNAPy, en versiones anteriores a la 1.3.0, se crean de forma que sean modificables por cualquier usuario. Este permiso de archivo y directorio inseguro permite que usuarios locales sin privilegios alteren los archivos en este directorio, incluyendo la inserci\u00f3n de operaciones no planeadas por el mantenedor de paquetes, el administrador del sistema o por otros usuarios. Este problema solo afecta a los usuarios que hayan descargado e instalado JSNAPy a trav\u00e9s de github."
    }
  ],
  "id": "CVE-2018-0023",
  "lastModified": "2024-11-21T03:37:22.880",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "sirt@juniper.net",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-04-11T19:29:00.697",
  "references": [
    {
      "source": "sirt@juniper.net",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103745"
    },
    {
      "source": "sirt@juniper.net",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://kb.juniper.net/JSA10856"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103745"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://kb.juniper.net/JSA10856"
    }
  ],
  "sourceIdentifier": "sirt@juniper.net",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-276"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

JSNAPy is an open source python version of Junos Snapshot Administrator developed by Juniper available through github. The default configuration and sample files of JSNAPy automation tool versions prior to 1.3.0 are created world writable. This insecure file and directory permission allows unprivileged local users to alter the files under this directory including inserting operations not intended by the package maintainer, system administrator, or other users. This issue only affects users who downloaded and installed JSNAPy from github. JSNAPy Contains vulnerabilities related to authorization, permissions, and access control.Information may be tampered with. Juniper JSNAPy is prone to a local insecure-file-permissions vulnerability. A local attacker can exploit this issue by gaining access to a world-readable file and extracting sensitive information from it. Information obtained may aid in other attacks. Versions prior to Juniper JSNAPy 1.3.0 are vulnerable. It is mainly used to save runtime environment snapshots of networked devices running the Junos operating system

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201804-0662",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "jsnapy",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "juniper",
        "version": "1.3.0"
      },
      {
        "model": "jsnapy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "1.2.1"
      },
      {
        "model": "jsnapy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "1.2"
      },
      {
        "model": "jsnapy",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "1.3"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "103745"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004204"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0023"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:juniper:jsnapy",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004204"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "103745"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-0023",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2018-0023",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 1.8,
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "VHN-118225",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 1.8,
            "id": "CVE-2018-0023",
            "impactScore": 3.6,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 2.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-0023",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "sirt@juniper.net",
            "id": "CVE-2018-0023",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-0023",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201804-512",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-118225",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-118225"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004204"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-512"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0023"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0023"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "JSNAPy is an open source python version of Junos Snapshot Administrator developed by Juniper available through github. The default configuration and sample files of JSNAPy automation tool versions prior to 1.3.0 are created world writable. This insecure file and directory permission allows unprivileged local users to alter the files under this directory including inserting operations not intended by the package maintainer, system administrator, or other users. This issue only affects users who downloaded and installed JSNAPy from github. JSNAPy Contains vulnerabilities related to authorization, permissions, and access control.Information may be tampered with. Juniper JSNAPy is prone to a local insecure-file-permissions vulnerability. \nA local attacker can exploit this issue by gaining access to a world-readable file and extracting sensitive information from it. Information obtained may aid in other attacks. \nVersions prior to Juniper JSNAPy 1.3.0  are vulnerable. It is mainly used to save runtime environment snapshots of networked devices running the Junos operating system",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-0023"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004204"
      },
      {
        "db": "BID",
        "id": "103745"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118225"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-0023",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "103745",
        "trust": 2.0
      },
      {
        "db": "JUNIPER",
        "id": "JSA10856",
        "trust": 2.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004204",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-512",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-118225",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-118225"
      },
      {
        "db": "BID",
        "id": "103745"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004204"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-512"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0023"
      }
    ]
  },
  "id": "VAR-201804-0662",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-118225"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T22:55:54.649000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "JSA10856",
        "trust": 0.8,
        "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10856\u0026actp=METADATA"
      },
      {
        "title": "Juniper JSNAPy Fixes for permission permissions and access control vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83278"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004204"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-512"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-276",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-264",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-118225"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004204"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0023"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/103745"
      },
      {
        "trust": 1.7,
        "url": "https://kb.juniper.net/jsa10856"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0023"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0023"
      },
      {
        "trust": 0.3,
        "url": "http://www.juniper.net/"
      },
      {
        "trust": 0.3,
        "url": "https://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10856\u0026cat=sirt_1\u0026actp=list"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-118225"
      },
      {
        "db": "BID",
        "id": "103745"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004204"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-512"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0023"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-118225"
      },
      {
        "db": "BID",
        "id": "103745"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004204"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-512"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0023"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-04-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-118225"
      },
      {
        "date": "2018-04-11T00:00:00",
        "db": "BID",
        "id": "103745"
      },
      {
        "date": "2018-06-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-004204"
      },
      {
        "date": "2018-04-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201804-512"
      },
      {
        "date": "2018-04-11T19:29:00.697000",
        "db": "NVD",
        "id": "CVE-2018-0023"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-118225"
      },
      {
        "date": "2018-04-11T00:00:00",
        "db": "BID",
        "id": "103745"
      },
      {
        "date": "2018-06-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-004204"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201804-512"
      },
      {
        "date": "2024-11-21T03:37:22.880000",
        "db": "NVD",
        "id": "CVE-2018-0023"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "103745"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-512"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "JSNAPy Vulnerabilities related to authorization, permissions, and access control",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004204"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control issues",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-512"
      }
    ],
    "trust": 0.6
  }
}

cnvd-2018-08861

Vulnerability from cnvd

Title

Juniper JSNAPy全局可写默认配置文件权限漏洞

Description

JSNAPy是Juniper开发的Junos Snapshot Administrator的开源python版。 Juniper JSNAPy存在全局可写默认配置文件权限漏洞。非特权本地用户可利用该不安全的文件和目录权限更改此目录下的文件，包括插入包维护人员、系统管理员或其他用户非预期的操作。

Severity

中

Patch Name

Juniper JSNAPy全局可写默认配置文件权限漏洞的补丁

Patch Description

JSNAPy是Juniper开发的Junos Snapshot Administrator的开源python版。 Juniper JSNAPy存在全局可写默认配置文件权限漏洞。非特权本地用户可利用该不安全的文件和目录权限更改此目录下的文件，包括插入包维护人员、系统管理员或其他用户非预期的操作。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布漏洞修复程序，请及时关注更新： https://github.com/Juniper/jsnapy/releases

Reference

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10856&actp=METADATA

Impacted products

Name
Juniper JSNAPy <1.3.0

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "103745"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-0023"
    }
  },
  "description": "JSNAPy\u662fJuniper\u5f00\u53d1\u7684Junos Snapshot Administrator\u7684\u5f00\u6e90python\u7248\u3002\r\n\r\nJuniper JSNAPy\u5b58\u5728\u5168\u5c40\u53ef\u5199\u9ed8\u8ba4\u914d\u7f6e\u6587\u4ef6\u6743\u9650\u6f0f\u6d1e\u3002\u975e\u7279\u6743\u672c\u5730\u7528\u6237\u53ef\u5229\u7528\u8be5\u4e0d\u5b89\u5168\u7684\u6587\u4ef6\u548c\u76ee\u5f55\u6743\u9650\u66f4\u6539\u6b64\u76ee\u5f55\u4e0b\u7684\u6587\u4ef6\uff0c\u5305\u62ec\u63d2\u5165\u5305\u7ef4\u62a4\u4eba\u5458\u3001\u7cfb\u7edf\u7ba1\u7406\u5458\u6216\u5176\u4ed6\u7528\u6237\u975e\u9884\u671f\u7684\u64cd\u4f5c\u3002",
  "discovererName": "Juniper",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://github.com/Juniper/jsnapy/releases",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-08861",
  "openTime": "2018-05-03",
  "patchDescription": "JSNAPy\u662fJuniper\u5f00\u53d1\u7684Junos Snapshot Administrator\u7684\u5f00\u6e90python\u7248\u3002\r\n\r\nJuniper JSNAPy\u5b58\u5728\u5168\u5c40\u53ef\u5199\u9ed8\u8ba4\u914d\u7f6e\u6587\u4ef6\u6743\u9650\u6f0f\u6d1e\u3002\u975e\u7279\u6743\u672c\u5730\u7528\u6237\u53ef\u5229\u7528\u8be5\u4e0d\u5b89\u5168\u7684\u6587\u4ef6\u548c\u76ee\u5f55\u6743\u9650\u66f4\u6539\u6b64\u76ee\u5f55\u4e0b\u7684\u6587\u4ef6\uff0c\u5305\u62ec\u63d2\u5165\u5305\u7ef4\u62a4\u4eba\u5458\u3001\u7cfb\u7edf\u7ba1\u7406\u5458\u6216\u5176\u4ed6\u7528\u6237\u975e\u9884\u671f\u7684\u64cd\u4f5c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Juniper JSNAPy\u5168\u5c40\u53ef\u5199\u9ed8\u8ba4\u914d\u7f6e\u6587\u4ef6\u6743\u9650\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Juniper    JSNAPy \u003c1.3.0"
  },
  "referenceLink": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10856\u0026actp=METADATA",
  "serverity": "\u4e2d",
  "submitTime": "2018-04-12",
  "title": "Juniper JSNAPy\u5168\u5c40\u53ef\u5199\u9ed8\u8ba4\u914d\u7f6e\u6587\u4ef6\u6743\u9650\u6f0f\u6d1e"
}

ghsa-qc55-vm3j-74gp

Vulnerability from github

Published

2018-07-12 20:30

Modified

2024-09-24 21:02

Severity ?

5.5 (Medium) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
7.1 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Summary

JSNAPy allows unprivileged local users to alter files under the directory

Details

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "jsnapy"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.3.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2018-0023"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-276"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:51:34Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "JSNAPy is an open source python version of Junos Snapshot Administrator developed by Juniper available through github. The default configuration and sample files of JSNAPy automation tool versions prior to 1.3.0 are created world writable. This insecure file and directory permission allows unprivileged local users to alter the files under this directory including inserting operations not intended by the package maintainer, system administrator, or other users. This issue only affects users who downloaded and installed JSNAPy from github.",
  "id": "GHSA-qc55-vm3j-74gp",
  "modified": "2024-09-24T21:02:12Z",
  "published": "2018-07-12T20:30:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0023"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/Juniper/jsnapy"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-qc55-vm3j-74gp"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/jsnapy/PYSEC-2018-84.yaml"
    },
    {
      "type": "WEB",
      "url": "https://kb.juniper.net/JSA10856"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20200227125151/http://www.securityfocus.com/bid/103745"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "JSNAPy allows unprivileged local users to alter files under the directory"
}

gsd-2018-0023

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2018-0023

Aliases

CVE-2018-0023

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-0023",
    "description": "JSNAPy is an open source python version of Junos Snapshot Administrator developed by Juniper available through github. The default configuration and sample files of JSNAPy automation tool versions prior to 1.3.0 are created world writable. This insecure file and directory permission allows unprivileged local users to alter the files under this directory including inserting operations not intended by the package maintainer, system administrator, or other users. This issue only affects users who downloaded and installed JSNAPy from github.",
    "id": "GSD-2018-0023"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-0023"
      ],
      "details": "JSNAPy is an open source python version of Junos Snapshot Administrator developed by Juniper available through github. The default configuration and sample files of JSNAPy automation tool versions prior to 1.3.0 are created world writable. This insecure file and directory permission allows unprivileged local users to alter the files under this directory including inserting operations not intended by the package maintainer, system administrator, or other users. This issue only affects users who downloaded and installed JSNAPy from github.",
      "id": "GSD-2018-0023",
      "modified": "2023-12-13T01:22:25.157810Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "sirt@juniper.net",
        "DATE_PUBLIC": "2018-04-11T16:00:00.000Z",
        "ID": "CVE-2018-0023",
        "STATE": "PUBLIC",
        "TITLE": "Junos Snapshot Administrator (JSNAPy) world writeable default configuration file permission"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Junos Snapshot Administrator (JSNAPy)",
                    "version": {
                      "version_data": [
                        {
                          "affected": "\u003c",
                          "version_name": "all",
                          "version_value": "1.3.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Juniper Networks"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "JSNAPy is an open source python version of Junos Snapshot Administrator developed by Juniper available through github. The default configuration and sample files of JSNAPy automation tool versions prior to 1.3.0 are created world writable. This insecure file and directory permission allows unprivileged local users to alter the files under this directory including inserting operations not intended by the package maintainer, system administrator, or other users. This issue only affects users who downloaded and installed JSNAPy from github."
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.0"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "insecure file permission"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://kb.juniper.net/JSA10856",
            "refsource": "CONFIRM",
            "url": "https://kb.juniper.net/JSA10856"
          },
          {
            "name": "103745",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/103745"
          }
        ]
      },
      "solution": [
        {
          "lang": "eng",
          "value": "This issue is resolved in 1.3.0 and subsequent releases.\nFixed JSNAPy releases can be downloaded from https://github.com/Juniper/jsnapy/releases.\n"
        },
        {
          "lang": "eng",
          "value": "Upgrading to the fixed release is not sufficient to resolve the issue, modifying file permission after upgrade as described in the workaround section is required.\nThis issue is fixed for fresh/new installation."
        }
      ],
      "source": {
        "advisory": "JSA10856",
        "discovery": "INTERNAL"
      },
      "work_around": [
        {
          "lang": "eng",
          "value": "The workaround is to change the related files and directory to group/world to readable, but not writable:\n  # sudo chmod -R og-w /etc/jsnapy\n  # ls -l /etc/jsnapy/\n  total 20\n  -rwxr-xr-x 1 root root  387 Aug  9  2016 jsnapy.cfg \n  -rwxr-xr-x 1 root root 1695 Aug  9  2016 logging.yml \n  drwxr-xr-x 2 root root 4096 Aug 26  2016 samples \n  drwxr-xr-x 2 root root 4096 Aug 26  2016 snapshots \n  drwxr-xr-x 2 root root 4096 Aug 26  2016 testfiles"
        }
      ]
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003c1.3.0",
          "affected_versions": "All versions before 1.3.0",
          "cvss_v2": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
          "cvss_v3": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-276",
            "CWE-937"
          ],
          "date": "2019-10-09",
          "description": "JSNAPy is an open source python version of Junos Snapshot Administrator developed by Juniper available through github. The default configuration and sample files of JSNAPy are world writable. This insecure file and directory permission allows unprivileged local users to alter the files under this directory including inserting operations not intended by the package maintainer, system administrator, or other users. This issue only affects users who downloaded and installed JSNAPy from github.",
          "fixed_versions": [
            "1.3.0"
          ],
          "identifier": "CVE-2018-0023",
          "identifiers": [
            "CVE-2018-0023"
          ],
          "not_impacted": "All versions starting from 1.3.0",
          "package_slug": "pypi/jsnapy",
          "pubdate": "2018-04-11",
          "solution": "Upgrade to version 1.3.0 or above.",
          "title": "Incorrect Default Permissions",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2018-0023",
            "http://www.securityfocus.com/bid/103745",
            "https://kb.juniper.net/JSA10856"
          ],
          "uuid": "d5b00609-98a6-4650-8a01-201ea0c99f02"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:juniper:jsnapy:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.3.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "ID": "CVE-2018-0023"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "JSNAPy is an open source python version of Junos Snapshot Administrator developed by Juniper available through github. The default configuration and sample files of JSNAPy automation tool versions prior to 1.3.0 are created world writable. This insecure file and directory permission allows unprivileged local users to alter the files under this directory including inserting operations not intended by the package maintainer, system administrator, or other users. This issue only affects users who downloaded and installed JSNAPy from github."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-276"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/JSA10856",
              "refsource": "CONFIRM",
              "tags": [
                "Mitigation",
                "Vendor Advisory"
              ],
              "url": "https://kb.juniper.net/JSA10856"
            },
            {
              "name": "103745",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/103745"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2019-10-09T23:31Z",
      "publishedDate": "2018-04-11T19:29Z"
    }
  }
}

CERTFR-2018-AVI-184

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Juniper . Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Juniper Networks	N/A	Steel-Belted Radius (SBR) Carrier 8.2.0 antérieures à 8.2.0-R18
Juniper Networks	N/A	CTPOS versions antérieures à 7.3R4 ou 7.4R1
Juniper Networks	Junos OS	Junos OS versions 15.1X49 antérieures à 15.1X49-D60 sur SRX
Juniper Networks	Junos OS	Junos OS versions 15.1X49 antérieures à 15.1X49-D100
Juniper Networks	Junos OS	Junos OS versions 12.3X48 antérieures à 12.3X48-D66, 12.3X48-D70
Juniper Networks	Junos OS	Junos OS versions 15.1X53 antérieures à 15.1X53-D59
Juniper Networks	Junos OS	Junos OS versions 16.1 antérieures à 16.1R5
Juniper Networks	Junos OS	Junos OS versions 15.1X53 antérieures à 15.1X53-D58 on EX2300/EX3400
Juniper Networks	N/A	CentOS versions 6.5 antérieures à 2012.2R12
Juniper Networks	Junos OS	Junos OS versions 14.2 antérieures à 14.2R8
Juniper Networks	Junos OS	Junos OS versions 16.1 antérieures à 16.1R3-S8, 16.1R4-S9, 16.1R5-S3, 16.1R6-S3, 16.1R7
Juniper Networks	Junos OS	Junos OS versions 12.3X48 antérieures à 12.3X48-D50
Juniper Networks	Junos OS	Junos OS versions 15.1X53 antérieures à 15.1X53-D233 on QFX5200/QFX5110
Juniper Networks	Junos OS	Junos OS versions 16.1X70 antérieures à 16.1X70-D10
Juniper Networks	Junos OS	Junos OS versions 15.1X49 antérieures à 15.1X49-D90
Juniper Networks	Junos OS	Junos OS versions 16.2 antérieures à 16.2R1-S6, 16.2R2
Juniper Networks	Junos OS	Junos OS versions 17.1 antérieures à 17.1R2
Juniper Networks	Junos OS	Junos OS versions 16.1 antérieures à 16.1R3-S8, 16.1R4-S6, 16.1R5
Juniper Networks	Junos OS	Junos OS versions 15.1X49 antérieures à 15.1X49-D60
Juniper Networks	N/A	Steel-Belted Radius (SBR) Carrier versions 8.3.0.x antérieures à 8.3.0-R11
Juniper Networks	Junos OS	Junos OS versions 17.1 antérieures à 17.1R2-S6, 17.1R3
Juniper Networks	Junos OS	Junos OS versions 17.1 antérieures à 17.1R2-S3, 17.1R3
Juniper Networks	Junos OS	Junos OS versions 12.3X48 antérieures à 12.3X48-D65
Juniper Networks	Junos OS	Junos OS versions 15.1X49 antérieures à 15.1X49-D130 sur SRX
Juniper Networks	Junos OS	Junos OS versions 15.1 antérieures à 15.1F2-S19, 15.1F6-S10, 15.1R4-S9, 15.1R5-S7, 15.1R6-S4, 15.1R7
Juniper Networks	N/A	NSM versions antérieures à 2012.2R14
Juniper Networks	Junos OS	Junos OS versions 17.2X75 antérieures à 17.2X75-D70
Juniper Networks	Junos OS	Junos OS versions 12.3X48 antérieures à 12.3X48-D35 sur SRX
Juniper Networks	Junos OS	Junos OS versions 15.1X53 antérieures à 15.1X53-D66, 15.1X53-D233, 15.1X53-D471
Juniper Networks	Junos OS	Junos OS versions 16.2 antérieures à 16.2R2
Juniper Networks	Junos OS	Junos OS versions 15.1 antérieures à 15.1F6-S10, 15.1R4-S9, 15.1R6-S6, 15.1R7
Juniper Networks	Junos OS	Junos OS versions 16.1X65 antérieures à 16.1X65-D47
Juniper Networks	Junos OS	Junos OS versions 15.1 antérieures à 15.1R4-S9, 15.1R6-S6, 15.1R7
Juniper Networks	Junos OS	Junos OS versions 14.1 antérieures à 14.1R10, 14.1R9
Juniper Networks	Junos OS	Junos OS versions 14.1X53 antérieures à 14.1X53-D47
Juniper Networks	Junos OS	Junos OS versions 16.2 antérieures à 16.2R1-S6, 16.2R2-S5, 16.2R3
Juniper Networks	Junos OS	Junos OS versions 15.1X53 antérieures à 15.1X53-D233, 15.1X53-D471, 15.1X53-D472, 15.1X53-D58, 15.1X53-D66
Juniper Networks	Junos OS	Junos OS versions 12.3 antérieures à 12.3R12-S7, 12.3R13
Juniper Networks	N/A	CTPView versions antérieures à 7.3R4 ou 7.4R2
Juniper Networks	Junos OS	Junos OS versions 15.1X53 antérieures à 15.1X53-D471 on NFX
Juniper Networks	Junos OS	Junos OS versions 16.1 antérieures à 16.1R5-S3, 16.1R7
Juniper Networks	Junos OS	Junos OS versions 12.1X46 antérieures à 12.1X46-D76
Juniper Networks	Junos OS	Junos OS versions 15.1X53 antérieures à 15.1X53-D66 sur QFX10K
N/A	N/A	Junos Snapshot Administrator (JSNAPy) versions antérieures à 1.3.0
Juniper Networks	Junos OS	Junos OS versions 17.2 antérieures à 17.2R1-S5, 17.2R2
Juniper Networks	N/A	NorthStar Controller versions 3.2.x antérieures à 3.2.1
Juniper Networks	Junos OS	Junos OS versions 15.1 antérieures à 15.1F2-S20, 15.1F6-S10, 15.1R7
Juniper Networks	Junos OS	Junos OS versions 12.1X46 antérieures à 12.1X46-D60 sur SRX
Juniper Networks	Junos OS	Junos OS versions 15.1X49 antérieures à 15.1X49-D131, 15.1X49-D140
Juniper Networks	Junos OS	Junos OS versions 15.1 antérieures à 15.1F5-S3, 15.1F6-S8, 15.1F7, 15.1R5
Juniper Networks	N/A	NorthStar Controller versions 3.0.x antérieures à 3.0.1
Juniper Networks	Junos OS	Junos OS versions 12.3X48 antérieures à 12.3X48-D55
Juniper Networks	Junos OS	Junos OS versions 17.1 antérieures à 17.1R1-S7, 17.1R2-S6, 17.1R3
Juniper Networks	Junos OS	Junos OS versions 15.1X49 antérieures à 15.1X49-D130
Juniper Networks	Junos OS	Junos OS versions 15.1X53 antérieures à 15.1X53-D66 sur QFX10
Juniper Networks	N/A	Steel-Belted Radius (SBR) Carrier versions 8.4.1.x antérieures à 8.4.1-R5
Juniper Networks	Junos OS	Junos OS versions 14.1X53 antérieures à 14.1X53-D130
Juniper Networks	Junos OS	Junos OS versions 16.1 antérieures à 16.1R3-S8, 16.1R4-S8, 16.1R5
Juniper Networks	Junos OS	Junos OS versions 17.2 antérieures à 17.2R1-S3, 17.2R2-S1, 17.2R3

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA10852 du 11 avril 2018	None	vendor-advisory
Bulletin de sécurité Juniper JSA10847 du 11 avril 2018	None	vendor-advisory
Bulletin de sécurité Juniper JSA10845 du 11 avril 2018	None	vendor-advisory
Bulletin de sécurité Juniper JSA10850 du 11 avril 2018	None	vendor-advisory
Bulletin de sécurité Juniper JSA10855 du 11 avril 2018	None	vendor-advisory
Bulletin de sécurité Juniper JSA10844 du 11 avril 2018	None	vendor-advisory
Bulletin de sécurité Juniper JSA10846 du 11 avril 2018	None	vendor-advisory
Bulletin de sécurité Juniper JSA10851 du 11 avril 2018	None	vendor-advisory
Bulletin de sécurité Juniper JSA10856 du 11 avril 2018	None	vendor-advisory
Bulletin de sécurité Juniper JSA10849 du 11 avril 2018	None	vendor-advisory
Bulletin de sécurité Juniper JSA10853 du 11 avril 2018	None	vendor-advisory
Bulletin de sécurité Juniper JSA10854 du 11 avril 2018	None	vendor-advisory
Bulletin de sécurité Juniper JSA10848 du 11 avril 2018	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Steel-Belted Radius (SBR) Carrier 8.2.0 ant\u00e9rieures \u00e0 8.2.0-R18",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "CTPOS versions ant\u00e9rieures \u00e0 7.3R4 ou 7.4R1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1X49 ant\u00e9rieures \u00e0 15.1X49-D60 sur SRX",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1X49 ant\u00e9rieures \u00e0 15.1X49-D100",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 12.3X48 ant\u00e9rieures \u00e0 12.3X48-D66, 12.3X48-D70",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1X53 ant\u00e9rieures \u00e0 15.1X53-D59",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 16.1 ant\u00e9rieures \u00e0 16.1R5",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1X53 ant\u00e9rieures \u00e0 15.1X53-D58 on EX2300/EX3400",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "CentOS versions 6.5 ant\u00e9rieures \u00e0 2012.2R12",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 14.2 ant\u00e9rieures \u00e0 14.2R8",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 16.1 ant\u00e9rieures \u00e0 16.1R3-S8, 16.1R4-S9, 16.1R5-S3, 16.1R6-S3, 16.1R7",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 12.3X48 ant\u00e9rieures \u00e0 12.3X48-D50",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1X53 ant\u00e9rieures \u00e0 15.1X53-D233 on QFX5200/QFX5110",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 16.1X70 ant\u00e9rieures \u00e0 16.1X70-D10",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1X49 ant\u00e9rieures \u00e0 15.1X49-D90",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 16.2 ant\u00e9rieures \u00e0 16.2R1-S6, 16.2R2",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 17.1 ant\u00e9rieures \u00e0 17.1R2",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 16.1 ant\u00e9rieures \u00e0 16.1R3-S8, 16.1R4-S6, 16.1R5",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1X49 ant\u00e9rieures \u00e0 15.1X49-D60",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Steel-Belted Radius (SBR) Carrier versions 8.3.0.x ant\u00e9rieures \u00e0 8.3.0-R11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 17.1 ant\u00e9rieures \u00e0 17.1R2-S6, 17.1R3",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 17.1 ant\u00e9rieures \u00e0 17.1R2-S3, 17.1R3",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 12.3X48 ant\u00e9rieures \u00e0 12.3X48-D65",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1X49 ant\u00e9rieures \u00e0 15.1X49-D130 sur SRX",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1 ant\u00e9rieures \u00e0 15.1F2-S19, 15.1F6-S10, 15.1R4-S9, 15.1R5-S7, 15.1R6-S4, 15.1R7",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "NSM versions ant\u00e9rieures \u00e0 2012.2R14",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 17.2X75 ant\u00e9rieures \u00e0 17.2X75-D70",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 12.3X48 ant\u00e9rieures \u00e0 12.3X48-D35 sur SRX",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1X53 ant\u00e9rieures \u00e0 15.1X53-D66, 15.1X53-D233, 15.1X53-D471",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 16.2 ant\u00e9rieures \u00e0 16.2R2",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1 ant\u00e9rieures \u00e0 15.1F6-S10, 15.1R4-S9, 15.1R6-S6, 15.1R7",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 16.1X65 ant\u00e9rieures \u00e0 16.1X65-D47",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1 ant\u00e9rieures \u00e0 15.1R4-S9, 15.1R6-S6, 15.1R7",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 14.1 ant\u00e9rieures \u00e0 14.1R10, 14.1R9",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 14.1X53 ant\u00e9rieures \u00e0 14.1X53-D47",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 16.2 ant\u00e9rieures \u00e0 16.2R1-S6, 16.2R2-S5, 16.2R3",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1X53 ant\u00e9rieures \u00e0 15.1X53-D233, 15.1X53-D471, 15.1X53-D472, 15.1X53-D58, 15.1X53-D66",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 12.3 ant\u00e9rieures \u00e0 12.3R12-S7, 12.3R13",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "CTPView versions ant\u00e9rieures \u00e0 7.3R4 ou 7.4R2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1X53 ant\u00e9rieures \u00e0 15.1X53-D471 on NFX",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 16.1 ant\u00e9rieures \u00e0 16.1R5-S3, 16.1R7",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 12.1X46 ant\u00e9rieures \u00e0 12.1X46-D76",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1X53 ant\u00e9rieures \u00e0 15.1X53-D66 sur QFX10K",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos Snapshot Administrator (JSNAPy) versions ant\u00e9rieures \u00e0 1.3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 17.2 ant\u00e9rieures \u00e0 17.2R1-S5, 17.2R2",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "NorthStar Controller versions 3.2.x ant\u00e9rieures \u00e0 3.2.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1 ant\u00e9rieures \u00e0 15.1F2-S20, 15.1F6-S10, 15.1R7",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 12.1X46 ant\u00e9rieures \u00e0 12.1X46-D60 sur SRX",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1X49 ant\u00e9rieures \u00e0 15.1X49-D131, 15.1X49-D140",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1 ant\u00e9rieures \u00e0 15.1F5-S3, 15.1F6-S8, 15.1F7, 15.1R5",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "NorthStar Controller versions 3.0.x ant\u00e9rieures \u00e0 3.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 12.3X48 ant\u00e9rieures \u00e0 12.3X48-D55",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 17.1 ant\u00e9rieures \u00e0 17.1R1-S7, 17.1R2-S6, 17.1R3",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1X49 ant\u00e9rieures \u00e0 15.1X49-D130",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1X53 ant\u00e9rieures \u00e0 15.1X53-D66 sur QFX10",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Steel-Belted Radius (SBR) Carrier versions 8.4.1.x ant\u00e9rieures \u00e0 8.4.1-R5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 14.1X53 ant\u00e9rieures \u00e0 14.1X53-D130",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 16.1 ant\u00e9rieures \u00e0 16.1R3-S8, 16.1R4-S8, 16.1R5",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 17.2 ant\u00e9rieures \u00e0 17.2R1-S3, 17.2R2-S1, 17.2R3",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-8767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8767"
    },
    {
      "name": "CVE-2018-0020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0020"
    },
    {
      "name": "CVE-2016-5829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5829"
    },
    {
      "name": "CVE-2016-0701",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0701"
    },
    {
      "name": "CVE-2015-8324",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8324"
    },
    {
      "name": "CVE-2018-0017",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0017"
    },
    {
      "name": "CVE-2013-4312",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4312"
    },
    {
      "name": "CVE-2018-0021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0021"
    },
    {
      "name": "CVE-2015-5156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5156"
    },
    {
      "name": "CVE-2013-1762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1762"
    },
    {
      "name": "CVE-2016-4470",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4470"
    },
    {
      "name": "CVE-2017-1000385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000385"
    },
    {
      "name": "CVE-2017-3737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3737"
    },
    {
      "name": "CVE-2018-0016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0016"
    },
    {
      "name": "CVE-2016-1583",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1583"
    },
    {
      "name": "CVE-2014-7842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-7842"
    },
    {
      "name": "CVE-2015-3644",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3644"
    },
    {
      "name": "CVE-2016-2550",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2550"
    },
    {
      "name": "CVE-2016-5696",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5696"
    },
    {
      "name": "CVE-2015-2925",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2925"
    },
    {
      "name": "CVE-2018-0019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0019"
    },
    {
      "name": "CVE-2016-4565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4565"
    },
    {
      "name": "CVE-2018-0022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0022"
    },
    {
      "name": "CVE-2014-0016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0016"
    },
    {
      "name": "CVE-2016-0774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0774"
    },
    {
      "name": "CVE-2015-7550",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7550"
    },
    {
      "name": "CVE-2014-8134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8134"
    },
    {
      "name": "CVE-2015-8104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8104"
    },
    {
      "name": "CVE-2017-3732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3732"
    },
    {
      "name": "CVE-2017-3736",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3736"
    },
    {
      "name": "CVE-2015-2080",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2080"
    },
    {
      "name": "CVE-2017-3735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3735"
    },
    {
      "name": "CVE-2015-8543",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8543"
    },
    {
      "name": "CVE-2015-3193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3193"
    },
    {
      "name": "CVE-2017-3738",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3738"
    },
    {
      "name": "CVE-2015-7613",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7613"
    },
    {
      "name": "CVE-2015-5157",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5157"
    },
    {
      "name": "CVE-2008-2420",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2420"
    },
    {
      "name": "CVE-2008-2400",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2400"
    },
    {
      "name": "CVE-2018-0018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0018"
    },
    {
      "name": "CVE-2015-1805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1805"
    },
    {
      "name": "CVE-2018-0023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0023"
    },
    {
      "name": "CVE-2010-5313",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-5313"
    },
    {
      "name": "CVE-2015-7872",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7872"
    },
    {
      "name": "CVE-2015-5307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5307"
    },
    {
      "name": "CVE-2016-2143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2143"
    }
  ],
  "initial_release_date": "2018-04-16T00:00:00",
  "last_revision_date": "2018-04-16T00:00:00",
  "links": [],
  "reference": "CERTFR-2018-AVI-184",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-04-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper . Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10852 du 11 avril 2018",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10852\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10847 du 11 avril 2018",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10847\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10845 du 11 avril 2018",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10845\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10850 du 11 avril 2018",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10850\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10855 du 11 avril 2018",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10855\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10844 du 11 avril 2018",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10844\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10846 du 11 avril 2018",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10846\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10851 du 11 avril 2018",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10851\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10856 du 11 avril 2018",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10856\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10849 du 11 avril 2018",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10849\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10853 du 11 avril 2018",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10853\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10854 du 11 avril 2018",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10854\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10848 du 11 avril 2018",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10848\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2018-0023 (GCVE-0-2018-0023)

Vulnerability from cvelistv5

pysec-2018-84

Vulnerability from pysec

fkie_cve-2018-0023

Vulnerability from fkie_nvd

var-201804-0662

Vulnerability from variot

cnvd-2018-08861

Vulnerability from cnvd

ghsa-qc55-vm3j-74gp

Vulnerability from github

gsd-2018-0023

Vulnerability from gsd

CERTFR-2018-AVI-184

Vulnerability from certfr_avis

Solution

Tags

Sightings

Nomenclature