#VU10149 Privilege escalation in Juniper Junos OS - CVE-2018-0008

Cybersecurity Help s.r.o.

Published: 2018-01-15 | Updated: 2018-01-23

Vulnerability identifier: #VU10149

Vulnerability risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-0008

CWE-ID: CWE-264

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Juniper Junos OS
Operating systems & Components / Operating system

Vendor: Juniper Networks, Inc.

Description
The vulnerability allows a physically local attacker to gain elevated privileges on the target system.

The weakness exists due to improper access and privileges controls. A physically local attacker on the console can gain root access without authenticating after an authenticated administrator has run a commit script containing certain instructions and the system reboots into a "safe mode" authentication state.

Mitigation
The vulnerability is addressed in the following versions: 12.1X46-D71, 12.3X48-D55, 14.1R9, 14.1X53-D40, 14.2R7-S9, 14.2R8, 15.1F5-S7, 15.1F6-S8, 15.1R5-S6, 15.1R6, 15.1X49-D110, 15.1X53-D49, 15.1X53-D470, 15.1X53-D232, 15.1X53-D65, 16.1R2, 16.2R1.

Vulnerable software versions

Juniper Junos OS: 12.1r - 12.1, 12.2x50 - 12.2, 12.3R10 - 12.3, 14.1R2-S10 - 14.1, 14.2R - 14.2, 15.1R - 15.1, 15.2, 16.1

External links
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10835

Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Red Hat Enterprise Linux 9 update for kernel-rt

Multiple vulnerabilities in Juniper Junos