Lucene search
This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.JUNIPER_JSA11021.NASLHistoryMay 01, 2020 - 12:00 a.m.
Juniper Junos Local File Include Vulnerability (JSA11021)
2020-05-0100:00:00
This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
31
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.005
Percentile
77.1%
According to the self reported version of Junos OS on the remote device it is affected by a local file inclusion vulnerability in HTTP/HTTPS service. An unauthenticated remote attacker can exploit this to perform local file inclusion (LFI), path traversal or maybe able to inject commands into the httpd.log, read files with ‘world’ readable file permission or obtain J-Web session tokens.
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#TRUSTED 03cf3994d798d906aefb96930dc173972435cbdf6ed7f1fbdc0c0874a0f495edba7fd7647b151ac1d1fbb64ee5b41ce8432e559692bebb7c6b044af3a8dfaa56cea044c3d089417d500198fb751701b9a6963ec4632d57438665137d91b157905472acdbbde606e99b1335e02cd6d317564cdd590547dcee7ee22864b8e7f030be825bc12b50ca12e4a6e89b0c14a29f5867ca0eef38a8e3ed9a95a3aef6a60ee5ed2d12c3dd3c531abadb63f684ec41ba2c78415118f2dba84f2e07c0c63aa7fc1c27d46e6d230a409df231248d1a629ef2ae1ada49e97bf5b7c097b754bbd59a443ae437bbb3c0561aab2de98f5d4460298de86d4efdc87708a6b4325f0b0ebe30093e359b05d2b51967e51c257251fad9f609d8078e0868e75b1a2c62bd12e22478281a665337e5f89b6aedc18f55bb5d14d49f1437ecc2c40f8479ceccadae2d6fc55a2fac29abc994648c1b47e2daf0537615286d1ba338fc7eee4c87bc367357af52935801869a740fa2b59166f14db93e514c751109dff487f89c0d5cb78aeb52189a344d07b5935201dd397939c390d8f3f5f210b56d91baea0803c4005b765d38bb36b1716894c5063bc055f84dad9470923f4ed1eb511bf0cb20226230d6480d880ed729641a3473b7d00ab1a1fe10a40c99c7fd3cc5b26246a67c12afb57a143d1291c1edd9ff5c0af7154f0f1641f72da0f2c4189ceba9d3bd89
#TRUST-RSA-SHA256 02cec00765d01d87b16b9ebd5cb6946f97349aa43aa8d969f3daebdde4981de99964dd7edbe131db0ee71ac78585af8ac94bb026f959c5a360d8e1c19bdbecc514ce53cb70af54c72d44aba3a390b7f24ba14f934ac273a5ee2882733dd6eef1f16f8e9216a9418df39482ee9078d2bd95f02192c588cb655c5ea191fee93d8a53174750f3ce360519fb56b15dc523074475c0ba6aff6e57dd88db93ec446d4ba31e4d5b98e76e2aed3a8cb48f9e4eb2f9ed2390330d59432099fd325d88279e46d4eb55876e0e0acdf4f96dff3da7636ec3d68b60c4b335ba2fa3bb7d3248083ef3cd861e7139b57e1b9e1fd653edda4dd3ce535e13eb60ee19ca7cfb0d7f7722de0b25da57c5c02ac159532b0b04dc0eda77d88fc3163d12b701903dc072d6f7845df5b56aa646657b5a7f6e48fd356c0a873980e10280ea7e27b06890dcc8e2721e9274206258e727de69f948281f0bfd96116ddb416acf33102c6652b5b5f3e656bc3c28b8c5e7630b351c4b2f7a722ef308c0c89dc67e686b2dd712660f889b229491fcf7017ef81163f02f38b1ff3540c46050b75d910b5e9cc5c0a6f27b8a47cfc1d28dd6a66acce3c6c4493dcd68996525b49d1a2fd9fa46acdbc8c7610bfbfd335243cef9131c0b23ce7d51dd9f605c1755af3fbb35c5cd95dfe6bb98f942fc24a67e47442273b60b1448fb95f210a6e77066c433bde30ca53453b8
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(136285);
script_version("1.15");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/04/25");
script_cve_id("CVE-2020-1631");
script_xref(name:"JSA", value:"JSA11021");
script_xref(name:"IAVA", value:"2020-A-0181-S");
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/04/15");
script_name(english:"Juniper Junos Local File Include Vulnerability (JSA11021)");
script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
script_set_attribute(attribute:"description", value:
"According to the self reported version of Junos OS on the remote device it is affected by a local file inclusion
vulnerability in HTTP/HTTPS service. An unauthenticated remote attacker can exploit this to perform local file inclusion (LFI),
path traversal or maybe able to inject commands into the httpd.log, read files with 'world' readable file permission or obtain
J-Web session tokens.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://kb.juniper.net/JSA11021");
script_set_attribute(attribute:"solution", value:
"Apply the relevant Junos software release referenced in Juniper advisory JSA11021");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-1631");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/04/27");
script_set_attribute(attribute:"patch_publication_date", value:"2020/04/27");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/01");
script_set_attribute(attribute:"plugin_type", value:"combined");
script_set_attribute(attribute:"cpe", value:"cpe:/o:juniper:junos");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Junos Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("junos_version.nasl");
script_require_keys("Host/Juniper/JUNOS/Version", "Host/Juniper/model");
exit(0);
}
include('audit.inc');
include('junos.inc');
include('junos_kb_cmd_func.inc');
include('misc_func.inc');
ver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version');
model = get_kb_item_or_exit('Host/Juniper/model');
fixes = make_array();
fixes['12.3'] = '12.3R12-S16';
fixes['12.3X48'] = '12.3X48-D101';
fixes['14.1X53'] = '14.1X53-D54';
fixes['15.1R'] = '15.1R7-S7';
fixes['15.1X49'] = '15.1X49-D211';
fixes['16.1'] = '16.1R7-S8';
fixes['17.2'] = '17.2R3-S4';
fixes['17.3'] = '17.3R3-S8';
fixes['17.4'] = '17.4R3-S2';
fixes['18.1'] = '18.1R3-S10';
fixes['18.2'] = '18.2R2-S7';
fixes['18.3'] = '18.3R2-S4';
fixes['18.4'] = '18.4R1-S7';
fixes['19.1'] = '19.1R1-S5';
fixes['19.2'] = '19.2R2';
fixes['19.3'] = '19.3R2-S3';
fixes['19.4'] = '19.4R1-S2';
fixes['20.1'] = '20.1R1-S1';
fix = check_junos(ver:ver, fixes:fixes, exit_on_fail:TRUE);
# Check for NG-RE, if not output not vuln
buf = junos_command_kb_item(cmd:'show system processes | match http');
if (junos_check_result(buf))
{
report = get_report(ver:ver, fix:fix);
security_report_v4(severity:SECURITY_WARNING, port:0, extra:report);
}
else audit(AUDIT_INST_VER_NOT_VULN, 'Junos', ver);
Related
prion
prion
Path traversal
2020-05-04 10:15:00
cisa_kev
cisa_kev
Juniper Junos OS Path Traversal Vulnerability
2022-03-25 00:00:00
cvelist
cvelist
attackerkb
attackerkb
CVE-2020-1631
2020-04-27 00:00:00
nvd
nvd
CVE-2020-1631
2020-05-04 10:15:10
cve
cve
CVE-2020-1631
2020-05-04 10:15:10
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.005
Percentile
77.1%
Related for JUNIPER_JSA11021.NASL