CVE-2018-0024
CVSSN/A
发布时间 :2018-07-11 14:29:00
修订时间 :2018-07-13 21:29:01
NMS    

[原文]An Improper Privilege Management vulnerability in a shell session of Juniper Networks Junos OS allows an authenticated unprivileged attacker to gain full control of the system. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D45 on SRX Series; 12.3X48 versions prior to 12.3X48-D20 on SRX Series; 12.3 versions prior to 12.3R11 on EX Series; 14.1X53 versions prior to 14.1X53-D30 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100;; 15.1X49 versions prior to 15.1X49-D20 on SRX Series.


[CNNVD]CNNVD数据暂缺。


[机译]译文暂缺.

- CVSS (基础分值)

CVSS暂不可用

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0024
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0024
(官方数据源) NVD

- 其它链接及资源

http://www.securityfocus.com/bid/104718
(UNKNOWN)  BID  104718
https://kb.juniper.net/JSA10857
(UNKNOWN)  CONFIRM  https://kb.juniper.net/JSA10857

- 漏洞信息

Juniper Junos CVE-2018-0024 Local Privilege Escalation Vulnerability
Design Error 104718
No Yes
2018-07-11 12:00:00 2018-07-11 12:00:00
The vendor reported this issue.

- 受影响的程序版本

Juniper SRX Series 0
Juniper Junos 15.1X49-D15
Juniper Junos 15.1X49
Juniper Junos 14.1X53-D28
Juniper Junos 14.1X53-D26
Juniper Junos 14.1X53-D25
Juniper Junos 14.1X53-D20
Juniper Junos 14.1X53-D18
Juniper Junos 14.1X53-D16
Juniper Junos 14.1X53-D12
Juniper Junos 14.1X53-D10
Juniper Junos 14.1X53
Juniper Junos 12.3X48-D15
Juniper Junos 12.3X48-D10
Juniper Junos 12.3X48
Juniper Junos 12.3R9
Juniper Junos 12.3R8
Juniper Junos 12.3R7
Juniper Junos 12.3R6
Juniper Junos 12.3R5
Juniper JUNOS 12.3R4
Juniper JUNOS 12.3R3
Juniper JUNOS 12.3R2
Juniper Junos 12.3R10.2
Juniper Junos 12.3R10
Juniper Junos 12.1X46-D40
Juniper Junos 12.1X46-D37
Juniper Junos 12.1X46-D36
Juniper Junos 12.1X46-D35
Juniper Junos 12.1X46-D30
Juniper Junos 12.1X46-D26
Juniper JUNOS 12.1X46-D25
Juniper Junos 12.1X46-D20.5
Juniper Junos 12.1X46-D20
Juniper Junos 12.1X46-D15
Juniper Junos 12.1X46-D10
Juniper Junos 12.1X46 D25
Juniper JUNOS 12.1X46 D20
Juniper JUNOS 12.1X46 D15
Juniper Junos 12.1X46 D10
Juniper JUNOS 12.1X46 -D10
Juniper Junos 12.1X46
,Juniper Junos 15.1X49-D20
Juniper Junos 14.1X53-D30
Juniper Junos 12.3X48-D20
Juniper Junos 12.3R11
Juniper Junos 12.1X46-D45

- 不受影响的程序版本

Juniper Junos 15.1X49-D20
Juniper Junos 14.1X53-D30
Juniper Junos 12.3X48-D20
Juniper Junos 12.3R11
Juniper Junos 12.1X46-D45

- 漏洞讨论

Juniper Junos is prone to a local privilege-escalation vulnerability.

Local attackers could exploit this issue to run arbitrary commands with root privileges.

- 漏洞利用

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- 解决方案

Updates are available. Please see the references or vendor advisory for more information.

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站