CVE-2018-0001

Published Jan 10, 2018
Last updated 7 years ago
CVSS critical 9.8
Overview

Description: A remote, unauthenticated attacker may be able to execute code by exploiting a use-after-free defect found in older versions of PHP through injection of crafted data via specific PHP URLs within the context of the J-Web process. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D67; 12.3 versions prior to 12.3R12-S5; 12.3X48 versions prior to 12.3X48-D35; 14.1 versions prior to 14.1R8-S5, 14.1R9; 14.1X53 versions prior to 14.1X53-D44, 14.1X53-D50; 14.2 versions prior to 14.2R7-S7, 14.2R8; 15.1 versions prior to 15.1R3; 15.1X49 versions prior to 15.1X49-D30; 15.1X53 versions prior to 15.1X53-D70.
Source: sirt@juniper.net
NVD status: Modified
Risk scores

CVSS 3.0

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL
CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses

nvd@nist.gov: CWE-416
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:juniper:junos:12.1x46:d10:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A71742CF-50B1-44BB-AB7B-27E5DCC9CF70"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:12.1x46:d15:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4FD4237A-C257-4D8A-ABC4-9B2160530A4E"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:12.1x46:d20:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5A449C87-C5C3-48FE-9E46-64ED5DD5F193"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:12.1x46:d25:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F4B6215F-76BF-473F-B325-0975B0EB101E"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:12.1x46:d30:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A1C4A10C-49A3-4103-9E56-F881113BC5D7"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:12.1x46:d35:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "50E7FD07-A309-48EC-A520-C7F0FA35865C"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:12.1x46:d40:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F868948A-04D7-473B-971F-721302653633"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:12.1x46:d45:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "830A9EBA-88F1-4277-B98F-75AC52A60824"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:12.1x46:d50:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BFA2ADAB-E486-4DBB-8B84-CC095D102278"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:12.1x46:d55:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9ACD0C03-ACD9-4D47-B3EE-1D8753FF5A83"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:12.1x46:d60:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0DD32D8A-7531-4691-B45D-9EACC69A23D6"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:12.1x46:d65:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "76DFA52F-5B2E-47DA-9A8E-7D17A7413929"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:juniper:junos:12.3x48:d10:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4B7066A4-CD05-4E1A-89E8-71B4CB92CFF3"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:12.3x48:d15:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A4AC2E1E-74FB-4DA3-8292-B2079F83FF54"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:12.3x48:d20:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5FF83BD0-3B28-481E-8C8F-09ECDA493DA4"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:12.3x48:d25:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6E296274-AFC1-4F56-A4B3-827C2E0BC9D5"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:12.3x48:d30:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3C82799B-BD25-4359-9E3D-4D7CA7367525"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:juniper:junos:15.1x49:d10:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D90D8985-34EF-44CC-A9A7-CB0FD22676F2"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:15.1x49:d20:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "18468579-0195-4DDE-BAA5-4BE4068F3A69"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:15.1x49:d30:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0E5FAA97-171F-4DB9-B78E-6E1A5F34336A"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:juniper:junos:15.1x53:d20:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1E3B807C-196D-42B8-9042-7582A1366772"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:15.1x53:d21:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "83FEEE8F-9279-46F2-BAF9-A60537020C61"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:15.1x53:d25:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1DD0B95A-7C9F-4A18-9CD8-BA344DEFC9D4"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:15.1x53:d30:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1F294E43-73FA-4EF3-90F2-EE29C56D6573"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:15.1x53:d32:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EDDE1048-BFEA-4A3E-8270-27C538A68837"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:15.1x53:d33:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CC517CD0-FF35-498F-AD33-683B43CA3829"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:15.1x53:d34:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "53F7E1C5-BFA9-426C-9F95-3EA5DB458C7E"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:15.1x53:d60:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "962CCED8-E321-4878-9BE6-0DC33778559A"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:15.1x53:d61:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2B08B97A-5D4D-405B-A1C4-9E327E4EED35"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:15.1x53:d62:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "738C1061-E8B8-4924-AFE9-5E59F22CA4A8"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:15.1x53:d63:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9071DC8C-D0AA-448E-82BF-7C801199193F"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:juniper:junos:14.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6237291A-B861-4D53-B7AA-C53A44B76896"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:14.1:r1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9C778627-820A-48F5-9680-0205D6DB5EB6"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:14.1:r2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FA7F03DC-73A2-4760-B386-2A57E9C97E65"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:14.1:r3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0CA10003-D52B-4110-9D7A-F50895E6BA17"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:14.1:r4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1B2D843A-8ADE-4888-8960-B48394DEA1D2"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:14.1:r8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BF0B8539-31FF-4AE9-91D6-47E6305D9EDF"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:14.1:r9:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8A76DAC5-AEC4-47E8-9876-71EE5BAD73E2"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:juniper:junos:14.2:r1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "79149AA0-17D1-4522-894F-C025F7A30FD7"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:14.2:r2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "30726286-7CB1-4E5D-AE44-2B4D84795900"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:14.2:r3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "33BE028F-2961-414A-9D42-C4861566C2DC"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:14.2:r4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E85AB30C-03FC-44DB-A8AA-B916A905CA66"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:14.2:r5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D01CA25F-E1E1-4831-8561-D3B0300BF4A7"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:14.2:r7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8C31AA11-FA95-4927-9E48-D46BBE4945B1"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:14.2:r8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "469B95AC-E779-43D2-A24F-B9CB6D5DB9B8"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:juniper:junos:15.1:r1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D0D3EA8F-4D30-4383-AF2F-0FB6D822D0F3"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:15.1:r2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0E6CD065-EC06-4846-BD2A-D3CA7866070F"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:juniper:junos:12.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8E014A0D-0054-4EBA-BA1F-035B74BD822F"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:12.3:r1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "371A7DF8-3F4B-439D-8990-D1BC6F0C25C5"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:12.3:r10:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "661B4C1E-DB85-4EB0-B26F-F6496CEF0AA6"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:12.3:r2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7CC3BCFD-2B0F-4994-9FE4-9D37FA85F1E2"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:12.3:r3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C6F309FD-0A5A-4C86-B227-B2B511A5CEB4"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:12.3:r4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "960059B5-0701-4B75-AB51-0A430247D9F0"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:12.3:r5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1D1DCA52-DA81-495B-B516-5571F01E3B0A"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:12.3:r6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "05E187F6-BACD-4DD5-B393-B2FE4349053A"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:12.3:r7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3C240840-A6BC-4E3D-A60D-22F08E67E2B2"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:12.3:r8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CC90563F-6BCB-4D77-8FD4-584E3A6C7741"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:12.3:r9:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5AD03BA7-D9EC-420F-97C4-383F79D6873F"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:juniper:junos:14.1x53:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9C7FCCC1-B151-465A-8327-26DB5DC074F0"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:14.1x53:d10:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "09771B8F-8B2A-4E8B-B4D3-80677697FCF3"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:14.1x53:d15:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "55E2F909-E1CC-45AA-ABA9-58178B751808"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:14.1x53:d16:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E1AA12C5-4520-4F79-80BE-66112F7AFC2A"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:14.1x53:d25:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "807C8110-5CC2-45F0-B094-BBF9C0B63BDD"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:14.1x53:d26:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "547E5737-D385-49B9-A69F-A3B185A34116"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:14.1x53:d27:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2ED257ED-A56B-48A6-8568-65F36FFFC753"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:14.1x53:d35:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AAE14AE1-6756-4831-A8D5-A6D07DB24AF2"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:14.1x53:d50:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A47ABEA1-BEA0-44E9-B75B-B311CF7E88F3"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References
