SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |   



Category:   Device (Router/Bridge/Hub)  >   Juniper Junos Vendors:   Juniper
Juniper Junos on QFX5200/QFX10002 Platforms Lets Local Superusers Cause Denial of Service Conditions on the Target System
SecurityTracker Alert ID:  1041336
SecurityTracker URL:  https://securitytracker.com/id/1041336
CVE Reference:   CVE-2018-0035   (Links to External Site)
Date:  Jul 19 2018
Impact:   Denial of service via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): QFX5200 and QFX10002 platforms; 15.1X53-D21, 15.1X53-D30, 15.1X53-D31, 15.1X53-D32, 15.1X53-D33, 15.1X53-D60
Description:   A vulnerability was reported in Juniper Junos. A local user can cause denial of service conditions on the target system.

QFX5200 and QFX10002 series devices shipped with certain versions of Junos or upgraded to these versions may contain an unintended additional Open Network Install Environment (ONIE) partition that allows a local (superuser) user to reboot to the ONIE partition and wipe out the Junos partition and configuration.

Once rebooted, the ONIE partition root account will have no password.

Impact:   A local superuser can delete the Junos partition and configuration.
Solution:   The vendor advises that users must reimage the device using the USB or PXE image from the Juniper download page.

The vendor advisory is available at:

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10869

Vendor URL:  kb.juniper.net/InfoCenter/index?page=content&id=JSA10869 (Links to External Site)
Cause:   Configuration error

Message History:   None.


 Source Message Contents

Subject:  https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10869


[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search


Content previously copyright SecurityGlobal.net LLC placed in the public domain on December 31, 2019.