Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveJuniperCVE-2018-0015
HistoryFeb 22, 2018 - 10:29 p.m.

CVE-2018-0015

2018-02-2222:29:00
CWE-862
juniper
web.nvd.nist.gov
32
cve-2018-0015
appformix
vulnerability
python debug console
system commands
root privilege
juniper sirt
nvd
security issue

CVSS2

8.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

0.001

Percentile

42.8%

JSON

A malicious user with unrestricted access to the AppFormix application management platform may be able to access a Python debug console and execute system commands with root privilege. The AppFormix Agent exposes the debug console on a host where AppFormix Agent is executing. If the host is executing AppFormix Agent, an attacker may access the debug console and execute Python commands with root privilege. Affected AppFormix releases are: All versions up to and including 2.7.3; 2.11 versions prior to 2.11.3; 2.15 versions prior to 2.15.2. Juniper SIRT is not aware of any malicious exploitation of this vulnerability, however, the issue has been seen in a production network. No other Juniper Networks products or platforms are affected by this issue.

Affected configurations

Nvd
Node
juniperappformixRange2.7.3
OR
juniperappformixRange2.112.11.3
OR
juniperappformixRange2.152.15.2
VendorProductVersionCPE
juniperappformix*cpe:2.3:a:juniper:appformix:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "AppFormix",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThanOrEqual": "2.7.3",
        "status": "affected",
        "version": "2.7",
        "versionType": "custom"
      },
      {
        "lessThan": "2.11.3",
        "status": "affected",
        "version": "2.11",
        "versionType": "custom"
      },
      {
        "lessThan": "2.15.2",
        "status": "affected",
        "version": "2.15",
        "versionType": "custom"
      }
    ]
  }
]

Related

prion 1
cvelist 1
nvd 1
prion
prion
Design/Logic Flaw
2018-02-22 22:29:00
cvelist
cvelist
CVE-2018-0015 AppFormix: Debug Shell Command Execution in AppFormix Agent
2018-02-22 22:00:00
nvd
nvd
CVE-2018-0015
2018-02-22 22:29:00

CVSS2

8.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

0.001

Percentile

42.8%

JSON
Related for CVE-2018-0015
prion1cvelist1nvd1