CVE-2018-0052— Juniper Junos OS 安全漏洞
新しい脆弱性情報の通知を購読するログインして購読
I. CVE-2018-0052の基本情報
脆弱性情報
脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗ 高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。
脆弱性タイトル
Junos OS: Unauthenticated remote root access possible when RSH service is enabled
ソース: NVD (National Vulnerability Database)
脆弱性説明
If RSH service is enabled on Junos OS and if the PAM authentication is disabled, a remote unauthenticated attacker can obtain root access to the device. RSH service is disabled by default on Junos. There is no documented CLI command to enable this service. However, an undocumented CLI command allows a privileged Junos user to enable RSH service and disable PAM, and hence expose the system to unauthenticated root access. When RSH is enabled, the device is listing to RSH connections on port 514. This issue is not exploitable on platforms where Junos release is based on FreeBSD 10+. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D77 on SRX Series; 12.3 versions prior to 12.3R12-S10; 12.3X48 versions prior to 12.3X48-D75 on SRX Series; 14.1X53 versions prior to 14.1X53-D47 on QFX/EX Series; 15.1 versions prior to 15.1R4-S9, 15.1R6-S6, 15.1R7; 15.1X49 versions prior to 15.1X49-D131, 15.1X49-D140 on SRX Series; 15.1X53 versions prior to 15.1X53-D59 on EX2300/EX3400 Series; 15.1X53 versions prior to 15.1X53-D67 on QFX10K Series; 15.1X53 versions prior to 15.1X53-D233 on QFX5200/QFX5110 Series; 15.1X53 versions prior to 15.1X53-D471, 15.1X53-D490 on NFX Series; 16.1 versions prior to 16.1R3-S9, 16.1R4-S9, 16.1R5-S4, 16.1R6-S4, 16.1R7; 16.2 versions prior to 16.2R2-S5; 17.1 versions prior to 17.1R1-S7, 17.1R2-S7, 17.1R3; 17.2 versions prior to 17.2R1-S6, 17.2R2-S4, 17.2R3; 17.2X75 versions prior to 17.2X75-D110, 17.2X75-D91; 17.3 versions prior to 17.3R1-S4, 17.3R2-S2, 17.3R3; 17.4 versions prior to 17.4R1-S3, 17.4R2; 18.2X75 versions prior to 18.2X75-D5.
ソース: NVD (National Vulnerability Database)
CVSS情報
N/A
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
N/A
ソース: NVD (National Vulnerability Database)
脆弱性タイトル
Juniper Junos OS 安全漏洞
ソース: CNNVD (China National Vulnerability Database)
脆弱性説明
Juniper Junos OS是美国瞻博网络(Juniper Networks)公司的一套专用于该公司的硬件系统的网络操作系统。该操作系统提供了安全编程接口和Junos SDK。 Juniper Junos OS中存在安全漏洞。当RSH服务被启用并且PAM被禁用时,攻击者可利用该漏洞获取未授权的root访问权限。以下版本受到影响:Juniper Junos OS 12.1X46版本(SRX Series),12.3版本,12.3X48版本(SRX Series),14.1X53版本(QFX/EX Ser
ソース: CNNVD (China National Vulnerability Database)
CVSS情報
N/A
ソース: CNNVD (China National Vulnerability Database)
脆弱性タイプ
N/A
ソース: CNNVD (China National Vulnerability Database)
影響を受ける製品
| ベンダー | プロダクト | 影響を受けるバージョン | CPE | 購読 |
|---|---|---|---|---|
| Juniper Networks | Junos OS | 12.1X46 ~ 12.1X46-D77 | - | |
| Juniper Networks | Junos OS | 12.3 ~ 12.3R12-S10 | - | |
| Juniper Networks | Junos OS | 14.1X53 ~ 14.1X53-D47 | - | |
| Juniper Networks | Junos OS | 15.1X53 ~ 15.1X53-D59 | - | |
| Juniper Networks | Junos OS | 15.1X53 ~ 15.1X53-D67 | - | |
| Juniper Networks | Junos OS | 15.1X53 ~ 15.1X53-D233 | - | |
| Juniper Networks | Junos OS | 15.1X53 ~ 15.1X53-D471, 15.1X53-D490 | - |
II. CVE-2018-0052の公開POC
| # | POC説明 | ソースリンク | Shenlongリンク |
|---|
AI生成POCプレミアム
公開POCは見つかりませんでした。
ログインしてAI POCを生成III. CVE-2018-0052のインテリジェンス情報
お願いします ログイン より多くのインテリジェンス情報を見る
Same Patch Batch · Juniper Networks · 2018-10-10 · 21 CVEs total
| CVE-2018-0054 | QFX5000/EX4600 Series: Routing protocol flap upon receipt of high rate of Ethernet frames | |
| CVE-2018-0063 | Junos OS: Nexthop index allocation failed: private index space exhausted after incoming AR | |
| CVE-2018-0062 | Junos OS: Denial of Service in J-Web | |
| CVE-2018-0061 | Junos OS: Denial of service in telnetd | |
| CVE-2018-0060 | Junos OS: Invalid IP/mask learned from DHCP server might cause device control daemon (dcd) | |
| CVE-2018-0059 | ScreenOS: Stored Cross-Site Scripting (XSS) vulnerability | |
| CVE-2018-0058 | MX Series: In BBE configurations, receipt of a crafted IPv6 exception packet causes a Deni | |
| CVE-2018-0057 | Junos OS: authd allows assignment of IP address requested by DHCP subscriber logging in wi | |
| CVE-2018-0056 | MX Series: L2ALD daemon may crash if a duplicate MAC is learned by two different interface | |
| CVE-2018-0055 | Junos OS: jdhcpd process crash during processing of specially crafted DHCPv6 message | |
| CVE-2018-0043 | Junos OS: RPD daemon crashes upon receipt of specific MPLS packet | |
| CVE-2018-0053 | vSRX Series: A local authentication vulnerability may lead to full control of a vSRX insta | |
| CVE-2018-0051 | Junos OS: Denial of Service vulnerability in MS-PIC, MS-MIC, MS-MPC, MS-DPC and SRX flow d | |
| CVE-2018-0050 | Junos OS: Receipt of a malformed MPLS RSVP packet leads to a Routing Protocols Daemon (RPD | |
| CVE-2018-0049 | Junos OS: Receipt of a specifically crafted malicious MPLS packet leads to a Junos kernel | |
| CVE-2018-0048 | Junos OS: Memory exhaustion denial of service vulnerability in Routing Protocols Daemon (R | |
| CVE-2018-0047 | Junos Space Security Director: XSS vulnerability in web administration | |
| CVE-2018-0046 | Junos Space: Reflected Cross-site Scripting vulnerability in OpenNMS | |
| CVE-2018-0045 | Junos OS: RPD daemon crashes due to receipt of specific Draft-Rosen MVPN control packet in | |
| CVE-2018-0044 | NFX Series: Insecure sshd configuration in Juniper Device Manager (JDM) and host OS |
IV. 関連脆弱性
同じ製品: Junos OS
- CVE-2026-33791
Junos OS and Junos OS Evolved: Execution of crafted CLI comm - CVE-2026-33790
Junos OS: SRX Series: In a NAT64 configuration, receipt of a - CVE-2026-33787
Junos OS: SRX1500, SRX4100, SRX4200, SRX4600: When a specifi - CVE-2026-33785
Junos OS: MX Series: Missing Authorization for specific 'req - CVE-2026-33781
Junos OS: EX Series, QFX Series: In a VXLAN scenario when sp
同じベンダー: Juniper Networks
- CVE-2026-33791
Junos OS and Junos OS Evolved: Execution of crafted CLI comm - CVE-2026-33790
Junos OS: SRX Series: In a NAT64 configuration, receipt of a - CVE-2026-33787
Junos OS: SRX1500, SRX4100, SRX4200, SRX4600: When a specifi - CVE-2026-33785
Junos OS: MX Series: Missing Authorization for specific 'req - CVE-2026-33784
JSI Virtual Lightweight Collector: Default password is not r
V. CVE-2018-0052へのコメント
まだコメントはありません