Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2018-0052— Junos OS: Unauthenticated remote root access possible when RSH service is enabled

EPSS 8.50% · P92
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2018-0052

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Junos OS: Unauthenticated remote root access possible when RSH service is enabled
Source: NVD (National Vulnerability Database)
Vulnerability Description
If RSH service is enabled on Junos OS and if the PAM authentication is disabled, a remote unauthenticated attacker can obtain root access to the device. RSH service is disabled by default on Junos. There is no documented CLI command to enable this service. However, an undocumented CLI command allows a privileged Junos user to enable RSH service and disable PAM, and hence expose the system to unauthenticated root access. When RSH is enabled, the device is listing to RSH connections on port 514. This issue is not exploitable on platforms where Junos release is based on FreeBSD 10+. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D77 on SRX Series; 12.3 versions prior to 12.3R12-S10; 12.3X48 versions prior to 12.3X48-D75 on SRX Series; 14.1X53 versions prior to 14.1X53-D47 on QFX/EX Series; 15.1 versions prior to 15.1R4-S9, 15.1R6-S6, 15.1R7; 15.1X49 versions prior to 15.1X49-D131, 15.1X49-D140 on SRX Series; 15.1X53 versions prior to 15.1X53-D59 on EX2300/EX3400 Series; 15.1X53 versions prior to 15.1X53-D67 on QFX10K Series; 15.1X53 versions prior to 15.1X53-D233 on QFX5200/QFX5110 Series; 15.1X53 versions prior to 15.1X53-D471, 15.1X53-D490 on NFX Series; 16.1 versions prior to 16.1R3-S9, 16.1R4-S9, 16.1R5-S4, 16.1R6-S4, 16.1R7; 16.2 versions prior to 16.2R2-S5; 17.1 versions prior to 17.1R1-S7, 17.1R2-S7, 17.1R3; 17.2 versions prior to 17.2R1-S6, 17.2R2-S4, 17.2R3; 17.2X75 versions prior to 17.2X75-D110, 17.2X75-D91; 17.3 versions prior to 17.3R1-S4, 17.3R2-S2, 17.3R3; 17.4 versions prior to 17.4R1-S3, 17.4R2; 18.2X75 versions prior to 18.2X75-D5.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Juniper Junos OS 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Juniper Junos OS是美国瞻博网络(Juniper Networks)公司的一套专用于该公司的硬件系统的网络操作系统。该操作系统提供了安全编程接口和Junos SDK。 Juniper Junos OS中存在安全漏洞。当RSH服务被启用并且PAM被禁用时,攻击者可利用该漏洞获取未授权的root访问权限。以下版本受到影响:Juniper Junos OS 12.1X46版本(SRX Series),12.3版本,12.3X48版本(SRX Series),14.1X53版本(QFX/EX Ser
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
Juniper NetworksJunos OS 12.1X46 ~ 12.1X46-D77 -
Juniper NetworksJunos OS 12.3 ~ 12.3R12-S10 -
Juniper NetworksJunos OS 14.1X53 ~ 14.1X53-D47 -
Juniper NetworksJunos OS 15.1X53 ~ 15.1X53-D59 -
Juniper NetworksJunos OS 15.1X53 ~ 15.1X53-D67 -
Juniper NetworksJunos OS 15.1X53 ~ 15.1X53-D233 -
Juniper NetworksJunos OS 15.1X53 ~ 15.1X53-D471, 15.1X53-D490 -

II. Public POCs for CVE-2018-0052

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2018-0052

登录查看更多情报信息。

Same Patch Batch · Juniper Networks · 2018-10-10 · 21 CVEs total

CVE-2018-0054QFX5000/EX4600 Series: Routing protocol flap upon receipt of high rate of Ethernet frames
CVE-2018-0063Junos OS: Nexthop index allocation failed: private index space exhausted after incoming AR
CVE-2018-0062Junos OS: Denial of Service in J-Web
CVE-2018-0061Junos OS: Denial of service in telnetd
CVE-2018-0060Junos OS: Invalid IP/mask learned from DHCP server might cause device control daemon (dcd)
CVE-2018-0059ScreenOS: Stored Cross-Site Scripting (XSS) vulnerability
CVE-2018-0058MX Series: In BBE configurations, receipt of a crafted IPv6 exception packet causes a Deni
CVE-2018-0057Junos OS: authd allows assignment of IP address requested by DHCP subscriber logging in wi
CVE-2018-0056MX Series: L2ALD daemon may crash if a duplicate MAC is learned by two different interface
CVE-2018-0055Junos OS: jdhcpd process crash during processing of specially crafted DHCPv6 message
CVE-2018-0043Junos OS: RPD daemon crashes upon receipt of specific MPLS packet
CVE-2018-0053vSRX Series: A local authentication vulnerability may lead to full control of a vSRX insta
CVE-2018-0051Junos OS: Denial of Service vulnerability in MS-PIC, MS-MIC, MS-MPC, MS-DPC and SRX flow d
CVE-2018-0050Junos OS: Receipt of a malformed MPLS RSVP packet leads to a Routing Protocols Daemon (RPD
CVE-2018-0049Junos OS: Receipt of a specifically crafted malicious MPLS packet leads to a Junos kernel
CVE-2018-0048Junos OS: Memory exhaustion denial of service vulnerability in Routing Protocols Daemon (R
CVE-2018-0047Junos Space Security Director: XSS vulnerability in web administration
CVE-2018-0046Junos Space: Reflected Cross-site Scripting vulnerability in OpenNMS
CVE-2018-0045Junos OS: RPD daemon crashes due to receipt of specific Draft-Rosen MVPN control packet in
CVE-2018-0044NFX Series: Insecure sshd configuration in Juniper Device Manager (JDM) and host OS

IV. Related Vulnerabilities

Same product: Junos OS
Same vendor: Juniper Networks

V. Comments for CVE-2018-0052

No comments yet

Leave a comment