Vulnerability Name:

CVE-2018-0035 (CCN-146311)

Assigned:2017-11-16
Published:2018-07-11
Updated:2019-10-09
Summary:QFX5200 and QFX10002 devices that have been shipped with Junos OS 15.1X53-D21, 15.1X53-D30, 15.1X53-D31, 15.1X53-D32, 15.1X53-D33 and 15.1X53-D60 or have been upgraded to these releases using the .bin or .iso images may contain an unintended additional Open Network Install Environment (ONIE) partition. This additional partition allows the superuser to reboot to the ONIE partition which will wipe out the content of the Junos partition and its configuration. Once rebooted, the ONIE partition will not have root password configured, thus any user can access the console or SSH, using an IP address acquired from DHCP, as root without password. Once the device has been shipped or upgraded with the ONIE partition installed, the issue will persist. Simply upgrading to higher release via the CLI will not resolve the issue. No other Juniper Networks products or platforms are affected by this issue.
CVSS v3 Severity:9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
4.4 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
3.9 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): High
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
Vulnerability Type:CWE-noinfo
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2018-0035

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1041336

Source: XF
Type: UNKNOWN
juniper-junos-cve20180035-dos(146311)

Source: CCN
Type: Juniper Networks Security Bulletin JSA10869
Junos OS: QFX5200 and QFX10002: Unintended ONIE partition was shipped with certain Junos OS .bin and .iso images (CVE-2018-0035)

Source: CONFIRM
Type: Vendor Advisory
https://kb.juniper.net/JSA10869

Vulnerable Configuration:Configuration 1:
  • cpe:/o:juniper:junos:15.1x53:d21:*:*:*:*:*:*
  • OR cpe:/o:juniper:junos:15.1x53:d30:*:*:*:*:*:*
  • OR cpe:/o:juniper:junos:15.1x53:d31:*:*:*:*:*:*
  • OR cpe:/o:juniper:junos:15.1x53:d32:*:*:*:*:*:*
  • OR cpe:/o:juniper:junos:15.1x53:d33:*:*:*:*:*:*
  • OR cpe:/o:juniper:junos:15.1x53:d60:*:*:*:*:*:*
  • AND
  • cpe:/h:juniper:qfx10002:-:*:*:*:*:*:*:*
  • OR cpe:/h:juniper:qfx5200:-:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:juniper:junos:15.1:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    juniper junos 15.1x53 d21
    juniper junos 15.1x53 d30
    juniper junos 15.1x53 d31
    juniper junos 15.1x53 d32
    juniper junos 15.1x53 d33
    juniper junos 15.1x53 d60
    juniper qfx10002 -
    juniper qfx5200 -
    juniper junos 15.1