CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
42.3%
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA10893 advisory.
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(178671);
script_version("1.0");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/07/20");
script_cve_id("CVE-2018-0058");
script_xref(name:"JSA", value:"JSA10893");
script_name(english:"Juniper Junos OS Vulnerability (JSA10893)");
script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
script_set_attribute(attribute:"description", value:
"The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA10893
advisory.
- Receipt of a specially crafted IPv6 exception packet may be able to trigger a kernel crash (vmcore),
causing the device to reboot. The issue is specific to the processing of Broadband Edge (BBE) client route
processing on MX Series subscriber management platforms, introduced by the Tomcat (Next Generation
Subscriber Management) functionality in Junos OS 15.1. This issue affects no other platforms or
configurations. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S2, 15.1R8
on MX Series; 16.1 versions prior to 16.1R4-S11, 16.1R7-S2, 16.1R8 on MX Series; 16.2 versions prior to
16.2R3 on MX Series; 17.1 versions prior to 17.1R2-S9, 17.1R3 on MX Series; 17.2 versions prior to
17.2R2-S6, 17.2R3 on MX Series; 17.3 versions prior to 17.3R2-S4, 17.3R3-S2, 17.3R4 on MX Series; 17.4
versions prior to 17.4R2 on MX Series; 18.1 versions prior to 18.1R2-S3, 18.1R3 on MX Series; 18.2
versions prior to 18.2R1-S1, 18.2R2 on MX Series. (CVE-2018-0058)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
# https://supportportal.juniper.net/s/article/2018-10-Security-Bulletin-MX-Series-In-BBE-configurations-receipt-of-a-crafted-IPv6-exception-packet-causes-a-Denial-of-Service-CVE-2018-0058
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e962e4cd");
script_set_attribute(attribute:"solution", value:
"Apply the relevant Junos software release referenced in Juniper advisory JSA10893");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-0058");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2018/10/10");
script_set_attribute(attribute:"patch_publication_date", value:"2018/10/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/07/20");
script_set_attribute(attribute:"plugin_type", value:"combined");
script_set_attribute(attribute:"cpe", value:"cpe:/o:juniper:junos");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Junos Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("junos_version.nasl");
script_require_keys("Host/Juniper/JUNOS/Version", "Host/Juniper/model");
exit(0);
}
include('junos.inc');
var model = get_kb_item_or_exit('Host/Juniper/model');
if (model !~ "^MX")
{
audit(AUDIT_DEVICE_NOT_VULN, model);
}
var ver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version');
var vuln_ranges = [
{'min_ver':'15.1', 'fixed_ver':'15.1R7-S2', 'model':'^MX', 'fixed_display':'15.1R7-S2, 15.1R8'},
{'min_ver':'16.1', 'fixed_ver':'16.1R4-S11', 'model':'^MX', 'fixed_display':'16.1R4-S11, 16.1R8'},
{'min_ver':'16.1R7', 'fixed_ver':'16.1R7-S2', 'model':'^MX'},
{'min_ver':'16.2', 'fixed_ver':'16.2R3', 'model':'^MX'},
{'min_ver':'17.1', 'fixed_ver':'17.1R2-S9', 'model':'^MX', 'fixed_display':'17.1R2-S9, 17.1R3'},
{'min_ver':'17.2', 'fixed_ver':'17.2R2-S6', 'model':'^MX', 'fixed_display':'17.2R2-S6, 17.2R3'},
{'min_ver':'17.3', 'fixed_ver':'17.3R2-S4', 'model':'^MX', 'fixed_display':'17.3R2-S4, 17.3R4'},
{'min_ver':'17.3R3', 'fixed_ver':'17.3R3-S2', 'model':'^MX'},
{'min_ver':'17.4', 'fixed_ver':'17.4R2', 'model':'^MX'},
{'min_ver':'18.1', 'fixed_ver':'18.1R2-S3', 'model':'^MX', 'fixed_display':'18.1R2-S3, 18.1R3'},
{'min_ver':'18.2', 'fixed_ver':'18.2R1-S1', 'model':'^MX', 'fixed_display':'18.2R1-S1, 18.2R2'}
];
var fix = junos_compare_range(target_version:ver, vuln_ranges:vuln_ranges);
if (empty_or_null(fix)) audit(AUDIT_INST_VER_NOT_VULN, 'Junos OS', ver);
var report = get_report(ver:ver, fix:fix);
security_report_v4(severity:SECURITY_HOLE, port:0, extra:report);
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
42.3%