CVE-2018-0024
moderate-risk
Published 2018-07-11
An Improper Privilege Management vulnerability in a shell session of Juniper Networks Junos OS allows an authenticated unprivileged attacker to gain full control of the system. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D45 on SRX Series; 12.3X48 versions prior to 12.3X48-D20 on SRX Series; 12.3 versions prior to 12.3R11 on EX Series; 14.1X53 versions prior to 14.1X53-D30 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100;; 15.1X49 versions prior to 15.1X49-D20 on SRX Series.
Do I need to act?
-
0.06% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.8/10
High
LOCAL
/ LOW complexity
Affected Products (20)
Affected Vendors
References (6)
Third Party Advisory
http://www.securityfocus.com/bid/104718
Third Party Advisory
http://www.securitytracker.com/id/1041314
Mitigation
https://kb.juniper.net/JSA10857
Third Party Advisory
http://www.securityfocus.com/bid/104718
Third Party Advisory
http://www.securitytracker.com/id/1041314
Mitigation
https://kb.juniper.net/JSA10857
47
/ 100
moderate-risk
Severity
24/34 · High
Exploitability
0/34 · Minimal
Exposure
23/34 · High