CVE-2018-0035
Junos OS: QFX5200 and QFX10002: Unintended ONIE partition was shipped with certain Junos OS .bin and .iso images
Descriptions
QFX5200 and QFX10002 devices that were shipped with Junos OS 15.1X53-D21, 15.1X53-D30, 15.1X53-D31, 15.1X53-D32, 15.1X53-D33 or 15.1X53-D60, or that have been upgraded to these releases using the .bin or .iso images, may contain an unintended additional Open Network Install Environment (ONIE) partition. This additional partition allows the superuser to reboot into the ONIE partition, which wipes the content of the Junos partition and its configuration. Once rebooted, the ONIE partition has no root password configured, so any user can access the device as root without a password, via the console or via SSH using an IP address acquired from DHCP. Once a device has been shipped or upgraded with the ONIE partition installed, the issue persists: simply upgrading to a higher release via the CLI will not resolve it. No other Juniper Networks products or platforms are affected by this issue.
Timeline
- 2017-11-16 CVE Reserved
- 2018-07-11 CVE Published
- 2023-12-02 EPSS Updated
- 2024-09-16 CVE Updated
References (2)
URL | Tag | Date |
---|---|---|
http://www.securitytracker.com/id/1041336 | Third Party Advisory | |
https://kb.juniper.net/JSA10869 | | 2019-10-09 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Juniper | Junos | 15.1x53 | d21 | Affected | in | Juniper | Qfx10002 | - | - | Safe |
Juniper | Junos | 15.1x53 | d21 | Affected | in | Juniper | Qfx5200 | - | - | Safe |
Juniper | Junos | 15.1x53 | d30 | Affected | in | Juniper | Qfx10002 | - | - | Safe |
Juniper | Junos | 15.1x53 | d30 | Affected | in | Juniper | Qfx5200 | - | - | Safe |
Juniper | Junos | 15.1x53 | d31 | Affected | in | Juniper | Qfx10002 | - | - | Safe |
Juniper | Junos | 15.1x53 | d31 | Affected | in | Juniper | Qfx5200 | - | - | Safe |
Juniper | Junos | 15.1x53 | d32 | Affected | in | Juniper | Qfx10002 | - | - | Safe |
Juniper | Junos | 15.1x53 | d32 | Affected | in | Juniper | Qfx5200 | - | - | Safe |
Juniper | Junos | 15.1x53 | d33 | Affected | in | Juniper | Qfx10002 | - | - | Safe |
Juniper | Junos | 15.1x53 | d33 | Affected | in | Juniper | Qfx5200 | - | - | Safe |
Juniper | Junos | 15.1x53 | d60 | Affected | in | Juniper | Qfx10002 | - | - | Safe |
Juniper | Junos | 15.1x53 | d60 | Affected | in | Juniper | Qfx5200 | - | - | Safe |