// For flags

CVE-2018-0053

vSRX Series: A local authentication vulnerability may lead to full control of a vSRX instance while the system is booting.

Severity Score

6.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

An authentication bypass vulnerability in the initial boot sequence of Juniper Networks Junos OS on vSRX Series may allow an attacker to gain full control of the system without authentication when the system is initially booted up. Affected releases are Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D30 on vSRX.

Una vulnerabilidad de omisión de autenticación en la secuencia de arranque inicial en Juniper Networks Junos OS en vSRX Series podría permitir que un atacante obtenga el control total del sistema sin autenticación cuando el sistema se arranca inicialmente. Las versiones afectadas de Juniper Networks Junos OS son: Versiones 15.1X49 anteriores a la 15.1X49-D30 en vSRX.

*Credits: N/A
CVSS Scores
Attack Vector
Physical
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2017-11-16 CVE Reserved
  • 2018-10-10 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-09-17 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-287: Improper Authentication
CAPEC
References (2)
URL Tag Source
http://www.securitytracker.com/id/1041854 Third Party Advisory
URL Date SRC
URL Date SRC
URL Date SRC
https://kb.juniper.net/JSA10887 2019-10-09
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Juniper
Search vendor "Juniper"
 Junos
Search vendor "Juniper" for product "Junos"
 15.1x49
Search vendor "Juniper" for product "Junos" and version "15.1x49"
-
Affected
in Juniper
Search vendor "Juniper"
 Vsrx
Search vendor "Juniper" for product "Vsrx"
--
Safe
Juniper
Search vendor "Juniper"
 Junos
Search vendor "Juniper" for product "Junos"
 15.1x49
Search vendor "Juniper" for product "Junos" and version "15.1x49"
d10
Affected
in Juniper
Search vendor "Juniper"
 Vsrx
Search vendor "Juniper" for product "Vsrx"
--
Safe
Juniper
Search vendor "Juniper"
 Junos
Search vendor "Juniper" for product "Junos"
 15.1x49
Search vendor "Juniper" for product "Junos" and version "15.1x49"
d20
Affected
in Juniper
Search vendor "Juniper"
 Vsrx
Search vendor "Juniper" for product "Vsrx"
--
Safe