CVE-2018-0008: Junos OS: commit script may allow unauthenticated root login upon reboot
First published: Wed Jan 10 2018(Updated: )
An unauthenticated root login may allow upon reboot when a commit script is used. A commit script allows a device administrator to execute certain instructions during commit, which is configured under the [system scripts commit] stanza. Certain commit scripts that work without a problem during normal commit may cause unexpected behavior upon reboot which can leave the system in a state where root CLI login is allowed without a password due to the system reverting to a "safe mode" authentication state. Lastly, only logging in physically to the console port as root, with no password, will work. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D71 on SRX; 12.3X48 versions prior to 12.3X48-D55 on SRX; 14.1 versions prior to 14.1R9; 14.1X53 versions prior to 14.1X53-D40 on QFX, EX; 14.2 versions prior to 14.2R7-S9, 14.2R8; 15.1 versions prior to 15.1F5-S7, 15.1F6-S8, 15.1R5-S6, 15.1R6; 15.1X49 versions prior to 15.1X49-D110 on SRX; 15.1X53 versions prior to 15.1X53-D232 on QFX5200/5110; 15.1X53 versions prior to 15.1X53-D49, 15.1X53-D470 on NFX; 15.1X53 versions prior to 15.1X53-D65 on QFX10K; 16.1 versions prior to 16.1R2. No other Juniper Networks products or platforms are affected by this issue.
Credit: sirt@juniper.net
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Junos OS Evolved | =12.1x46 | |
| Junos OS Evolved | =12.1x46-d10 | |
| Junos OS Evolved | =12.1x46-d15 | |
| Junos OS Evolved | =12.1x46-d20 | |
| Junos OS Evolved | =12.1x46-d25 | |
| Junos OS Evolved | =12.1x46-d30 | |
| Junos OS Evolved | =12.1x46-d35 | |
| Junos OS Evolved | =12.1x46-d40 | |
| Junos OS Evolved | =12.1x46-d45 | |
| Junos OS Evolved | =12.1x46-d50 | |
| Junos OS Evolved | =12.1x46-d55 | |
| Junos OS Evolved | =12.1x46-d60 | |
| Junos OS Evolved | =12.1x46-d65 | |
| Juniper SRX100 | ||
| Juniper SRX110 | ||
| Juniper SRX1400 | ||
| Juniper SRX1500 | ||
| Juniper SRX210 | ||
| Juniper SRX220 | ||
| Juniper SRX240 | ||
| Juniper SRX300 | ||
| Juniper SRX320 | ||
| Juniper SRX340 | ||
| Juniper SRX3400 | ||
| Juniper SRX345 | ||
| Juniper SRX3600 | ||
| Juniper SRX4100 | ||
| Juniper SRX4200 | ||
| Juniper SRX5400 | ||
| Juniper SRX550 | ||
| Juniper SRX5600 | ||
| Juniper SRX5800 | ||
| Juniper SRX650 | ||
| Junos OS Evolved | =12.3x48 | |
| Junos OS Evolved | =12.3x48-d10 | |
| Junos OS Evolved | =12.3x48-d15 | |
| Junos OS Evolved | =12.3x48-d20 | |
| Junos OS Evolved | =12.3x48-d25 | |
| Junos OS Evolved | =12.3x48-d30 | |
| Junos OS Evolved | =12.3x48-d35 | |
| Junos OS Evolved | =12.3x48-d40 | |
| Junos OS Evolved | =12.3x48-d45 | |
| Junos OS Evolved | =12.3x48-d50 | |
| Junos OS Evolved | =15.1x49 | |
| Junos OS Evolved | =15.1x49-d10 | |
| Junos OS Evolved | =15.1x49-d100 | |
| Junos OS Evolved | =15.1x49-d20 | |
| Junos OS Evolved | =15.1x49-d30 | |
| Junos OS Evolved | =15.1x49-d35 | |
| Junos OS Evolved | =15.1x49-d40 | |
| Junos OS Evolved | =15.1x49-d45 | |
| Junos OS Evolved | =15.1x49-d50 | |
| Junos OS Evolved | =15.1x49-d55 | |
| Junos OS Evolved | =15.1x49-d60 | |
| Junos OS Evolved | =15.1x49-d65 | |
| Junos OS Evolved | =15.1x49-d70 | |
| Junos OS Evolved | =15.1x49-d75 | |
| Junos OS Evolved | =15.1x49-d80 | |
| Junos OS Evolved | =15.1x49-d90 | |
| Junos OS Evolved | =14.1 | |
| Junos OS Evolved | =14.1-r1 | |
| Junos OS Evolved | =14.1-r2 | |
| Junos OS Evolved | =14.1-r3 | |
| Junos OS Evolved | =14.1-r4 | |
| Junos OS Evolved | =14.1-r5 | |
| Junos OS Evolved | =14.1-r6 | |
| Junos OS Evolved | =14.1-r7 | |
| Junos OS Evolved | =14.1x53 | |
| Junos OS Evolved | =14.1x53-d10 | |
| Junos OS Evolved | =14.1x53-d15 | |
| Junos OS Evolved | =14.1x53-d16 | |
| Junos OS Evolved | =14.1x53-d25 | |
| Junos OS Evolved | =14.1x53-d26 | |
| Junos OS Evolved | =14.1x53-d27 | |
| Junos OS Evolved | =14.1x53-d30 | |
| Junos OS Evolved | =14.1x53-d35 | |
| Juniper EX2200-C | ||
| Juniper EX2300-24T | ||
| Juniper EX3300-VX | ||
| Juniper EX3400 | ||
| Juniper EX Series | ||
| Juniper EX4300-24T | ||
| juniper ex4500-vc | ||
| Juniper EX Series | ||
| Juniper EX4600 | ||
| Juniper EX6200 | ||
| Juniper EX Series | ||
| Juniper EX9200 | ||
| Juniper Networks QFX-Series | ||
| Juniper Networks QFX-Series | ||
| Juniper QFX3600-I | ||
| Juniper QFX5100 | ||
| Juniper QFX5110 | ||
| Juniper QFX5200-32C | ||
| Junos OS Evolved | =14.2 | |
| Junos OS Evolved | =14.2-r1 | |
| Junos OS Evolved | =14.2-r2 | |
| Junos OS Evolved | =14.2-r3 | |
| Junos OS Evolved | =14.2-r4 | |
| Junos OS Evolved | =14.2-r5 | |
| Junos OS Evolved | =14.2-r6 | |
| Junos OS Evolved | =14.2-r7 | |
| Junos OS Evolved | =14.2-r8 | |
| Junos OS Evolved | =15.1 | |
| Junos OS Evolved | =15.1-a1 | |
| Junos OS Evolved | =15.1-f1 | |
| Junos OS Evolved | =15.1-f2 | |
| Junos OS Evolved | =15.1-f2-s1 | |
| Junos OS Evolved | =15.1-f2-s2 | |
| Junos OS Evolved | =15.1-f2-s3 | |
| Junos OS Evolved | =15.1-f2-s4 | |
| Junos OS Evolved | =15.1-f3 | |
| Junos OS Evolved | =15.1-f4 | |
| Junos OS Evolved | =15.1-f5 | |
| Junos OS Evolved | =15.1-f6-s8 | |
| Junos OS Evolved | =15.1-r5-s6 | |
| Junos OS Evolved | =15.1-r6 | |
| Junos OS Evolved | =15.1x53 | |
| Junos OS Evolved | =15.1x53-d20 | |
| Junos OS Evolved | =15.1x53-d21 | |
| Junos OS Evolved | =15.1x53-d210 | |
| Junos OS Evolved | =15.1x53-d230 | |
| Junos OS Evolved | =15.1x53-d25 | |
| Junos OS Evolved | =15.1x53-d30 | |
| Junos OS Evolved | =15.1x53-d32 | |
| Junos OS Evolved | =15.1x53-d33 | |
| Junos OS Evolved | =15.1x53-d34 | |
| Junos OS Evolved | =15.1x53-d60 | |
| Junos OS Evolved | =15.1x53-d61 | |
| Junos OS Evolved | =15.1x53-d62 | |
| Junos OS Evolved | =15.1x53-d63 | |
| Junos OS Evolved | =15.1x53-d70 | |
| Junos OS Evolved | =15.1x53-d470 | |
| Juniper Networks NFX-Series | ||
| Junos OS Evolved | =15.1x53-d50 | |
| Junos OS Evolved | =15.1x53-d51 | |
| Junos OS Evolved | =15.1x53-d52 | |
| Junos OS Evolved | =15.1x53-d55 | |
| Junos OS Evolved | =15.1x53-d57 | |
| Junos OS Evolved | =15.1x53-d64 | |
| Junos OS Evolved | =16.1-r1 |
Remedy
The following software releases have been updated to resolve this specific issue: 12.1X46-D71, 12.3X48-D55, 14.1R9, 14.1X53-D40, 14.2R7-S9, 14.2R8, 15.1F5-S7, 15.1R5-S6, 15.1R6, 15.1X49-D110, 15.1X53-D232, 15.1X53-D65, 16.1R2, 16.2R1 and all subsequent releases.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securitytracker.com/id/1040186
- https://kb.juniper.net/JSA10835
- https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
- https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
Frequently Asked Questions
What is the severity of CVE-2018-0008?
CVE-2018-0008 has a critical severity level due to the potential for unauthenticated root access.
How do I fix CVE-2018-0008?
To fix CVE-2018-0008, update the affected Juniper JUNOS versions to the latest patched release.
What systems are affected by CVE-2018-0008?
CVE-2018-0008 affects various versions of Juniper JUNOS including 12.1x46 and 15.1x49.
Is CVE-2018-0008 exploit possible without authentication?
Yes, CVE-2018-0008 allows for root login without authentication, making it particularly dangerous.
Are newer versions of JUNOS impacted by CVE-2018-0008?
No, newer versions of JUNOS that are not specified in the CVE are not impacted by CVE-2018-0008.
- agent/type
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/title
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/remedy
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/juniper
- canonical/junos os evolved
- version/junos os evolved/12.1x46
- version/junos os evolved/12.1x46-d10
- version/junos os evolved/12.1x46-d15
- version/junos os evolved/12.1x46-d20
- version/junos os evolved/12.1x46-d25
- version/junos os evolved/12.1x46-d30
- version/junos os evolved/12.1x46-d35
- version/junos os evolved/12.1x46-d40
- version/junos os evolved/12.1x46-d45
- version/junos os evolved/12.1x46-d50
- version/junos os evolved/12.1x46-d55
- version/junos os evolved/12.1x46-d60
- version/junos os evolved/12.1x46-d65
- canonical/juniper srx100
- canonical/juniper srx110
- canonical/juniper srx1400
- canonical/juniper srx1500
- canonical/juniper srx210
- canonical/juniper srx220
- canonical/juniper srx240
- canonical/juniper srx300
- canonical/juniper srx320
- canonical/juniper srx340
- canonical/juniper srx3400
- canonical/juniper srx345
- canonical/juniper srx3600
- canonical/juniper srx4100
- canonical/juniper srx4200
- canonical/juniper srx5400
- canonical/juniper srx550
- canonical/juniper srx5600
- canonical/juniper srx5800
- canonical/juniper srx650
- version/junos os evolved/12.3x48
- version/junos os evolved/12.3x48-d10
- version/junos os evolved/12.3x48-d15
- version/junos os evolved/12.3x48-d20
- version/junos os evolved/12.3x48-d25
- version/junos os evolved/12.3x48-d30
- version/junos os evolved/12.3x48-d35
- version/junos os evolved/12.3x48-d40
- version/junos os evolved/12.3x48-d45
- version/junos os evolved/12.3x48-d50
- version/junos os evolved/15.1x49
- version/junos os evolved/15.1x49-d10
- version/junos os evolved/15.1x49-d100
- version/junos os evolved/15.1x49-d20
- version/junos os evolved/15.1x49-d30
- version/junos os evolved/15.1x49-d35
- version/junos os evolved/15.1x49-d40
- version/junos os evolved/15.1x49-d45
- version/junos os evolved/15.1x49-d50
- version/junos os evolved/15.1x49-d55
- version/junos os evolved/15.1x49-d60
- version/junos os evolved/15.1x49-d65
- version/junos os evolved/15.1x49-d70
- version/junos os evolved/15.1x49-d75
- version/junos os evolved/15.1x49-d80
- version/junos os evolved/15.1x49-d90
- version/junos os evolved/14.1
- version/junos os evolved/14.1-r1
- version/junos os evolved/14.1-r2
- version/junos os evolved/14.1-r3
- version/junos os evolved/14.1-r4
- version/junos os evolved/14.1-r5
- version/junos os evolved/14.1-r6
- version/junos os evolved/14.1-r7
- version/junos os evolved/14.1x53
- version/junos os evolved/14.1x53-d10
- version/junos os evolved/14.1x53-d15
- version/junos os evolved/14.1x53-d16
- version/junos os evolved/14.1x53-d25
- version/junos os evolved/14.1x53-d26
- version/junos os evolved/14.1x53-d27
- version/junos os evolved/14.1x53-d30
- version/junos os evolved/14.1x53-d35
- canonical/juniper ex2200-c
- canonical/juniper ex2300-24t
- canonical/juniper ex3300-vx
- canonical/juniper ex3400
- canonical/juniper ex series
- canonical/juniper ex4300-24t
- canonical/juniper ex4500-vc
- canonical/juniper ex4600
- canonical/juniper ex6200
- canonical/juniper ex9200
- canonical/juniper networks qfx-series
- canonical/juniper qfx3600-i
- canonical/juniper qfx5100
- canonical/juniper qfx5110
- canonical/juniper qfx5200-32c
- version/junos os evolved/14.2
- version/junos os evolved/14.2-r1
- version/junos os evolved/14.2-r2
- version/junos os evolved/14.2-r3
- version/junos os evolved/14.2-r4
- version/junos os evolved/14.2-r5
- version/junos os evolved/14.2-r6
- version/junos os evolved/14.2-r7
- version/junos os evolved/14.2-r8
- version/junos os evolved/15.1
- version/junos os evolved/15.1-a1
- version/junos os evolved/15.1-f1
- version/junos os evolved/15.1-f2
- version/junos os evolved/15.1-f2-s1
- version/junos os evolved/15.1-f2-s2
- version/junos os evolved/15.1-f2-s3
- version/junos os evolved/15.1-f2-s4
- version/junos os evolved/15.1-f3
- version/junos os evolved/15.1-f4
- version/junos os evolved/15.1-f5
- version/junos os evolved/15.1-f6-s8
- version/junos os evolved/15.1-r5-s6
- version/junos os evolved/15.1-r6
- version/junos os evolved/15.1x53
- version/junos os evolved/15.1x53-d20
- version/junos os evolved/15.1x53-d21
- version/junos os evolved/15.1x53-d210
- version/junos os evolved/15.1x53-d230
- version/junos os evolved/15.1x53-d25
- version/junos os evolved/15.1x53-d30
- version/junos os evolved/15.1x53-d32
- version/junos os evolved/15.1x53-d33
- version/junos os evolved/15.1x53-d34
- version/junos os evolved/15.1x53-d60
- version/junos os evolved/15.1x53-d61
- version/junos os evolved/15.1x53-d62
- version/junos os evolved/15.1x53-d63
- version/junos os evolved/15.1x53-d70
- version/junos os evolved/15.1x53-d470
- canonical/juniper networks nfx-series
- version/junos os evolved/15.1x53-d50
- version/junos os evolved/15.1x53-d51
- version/junos os evolved/15.1x53-d52
- version/junos os evolved/15.1x53-d55
- version/junos os evolved/15.1x53-d57
- version/junos os evolved/15.1x53-d64
- version/junos os evolved/16.1-r1