CVE-2018-0024

An Improper Privilege Management vulnerability in a shell session of Juniper Networks Junos OS allows an authenticated unprivileged attacker to gain full control of the system. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D45 on SRX Series; 12.3X48 versions prior to 12.3X48-D20 on SRX Series; 12.3 versions prior to 12.3R11 on EX Series; 14.1X53 versions prior to 14.1X53-D30 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100;; 15.1X49 versions prior to 15.1X49-D20 on SRX Series.

Weakness

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Affected Software

Name	Vendor	Start Version	End Version
Junos	Juniper	12.1x46 (including)	12.1x46 (including)
Junos	Juniper	12.1x46-d10 (including)	12.1x46-d10 (including)
Junos	Juniper	12.1x46-d15 (including)	12.1x46-d15 (including)
Junos	Juniper	12.1x46-d20 (including)	12.1x46-d20 (including)
Junos	Juniper	12.1x46-d25 (including)	12.1x46-d25 (including)
Junos	Juniper	12.1x46-d30 (including)	12.1x46-d30 (including)
Junos	Juniper	12.1x46-d35 (including)	12.1x46-d35 (including)
Junos	Juniper	12.1x46-d40 (including)	12.1x46-d40 (including)

NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-0024
CWE	https://cwe.mitre.org/data/definitions/269.html

Improper Privilege Management

Weakness

Affected Software

Potential Mitigations

References

CVE-2018-0024

Improper Privilege Management

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References