CVE-2018-0026

Junos OS: Stateless IP firewall filter rules stop working as expected after reboot or upgrade

CVSS 4.7 MEDIUMEPSS 1.8%

Vexday Risk Score

13Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 4.7EPSS 1.8%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

11 jul 2018Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

After Junos OS device reboot or upgrade, the stateless firewall filter configuration may not take effect. This issue can be verified by running the command: user@re0> show interfaces <interface_name> extensive | match filters" CAM destination filters: 0, CAM source filters: 0 Note: when the issue occurs, it does not show the applied firewall filter. The correct output should show the applied firewall filter, for example: user@re0> show interfaces <interface_name> extensive | match filters" CAM destination filters: 0, CAM source filters: 0 Input Filters: FIREWAL_FILTER_NAME-<interface_name> This issue affects firewall filters for every address family. Affected releases are Juniper Networks Junos OS: 15.1R4, 15.1R5, 15.1R6 and SRs based on these MRs. 15.1X8 versions prior to 15.1X8.3.

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

Produtos afetados

Juniper Networks · Junos OS

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://kb.juniper.net/JSA10859 http://www.securityfocus.com/bid/104720 http://www.securitytracker.com/id/1041315