CVE-2018-0014: ScreenOS: Etherleak vulnerability found on ScreenOS device

First published: Wed Jan 10 2018(Updated: )

Juniper Networks ScreenOS devices do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets. This issue is often detected as CVE-2003-0001. The issue affects all versions of Juniper Networks ScreenOS prior to 6.3.0r25.

Credit: sirt@juniper.net

Affected Software	Affected Version	How to fix
Juniper ScreenOS	=6.3.0r1
Juniper ScreenOS	=6.3.0r2
Juniper ScreenOS	=6.3.0r3
Juniper ScreenOS	=6.3.0r4
Juniper ScreenOS	=6.3.0r5
Juniper ScreenOS	=6.3.0r6
Juniper ScreenOS	=6.3.0r7
Juniper ScreenOS	=6.3.0r8
Juniper ScreenOS	=6.3.0r9
Juniper ScreenOS	=6.3.0r10
Juniper ScreenOS	=6.3.0r11
Juniper ScreenOS	=6.3.0r12
Juniper ScreenOS	=6.3.0r13
Juniper ScreenOS	=6.3.0r14
Juniper ScreenOS	=6.3.0r15
Juniper ScreenOS	=6.3.0r16
Juniper ScreenOS	=6.3.0r17
Juniper ScreenOS	=6.3.0r18
Juniper ScreenOS	=6.3.0r19
Juniper ScreenOS	=6.3.0r20
Juniper ScreenOS	=6.3.0r21
Juniper ScreenOS	=6.3.0r22
Juniper ScreenOS	=6.3.0r23
Juniper ScreenOS	=6.3.0r24
Juniper ScreenOS	=6.3.0r25

Remedy

The following software releases have been updated to resolve this specific issue: 6.3.0r25 and all subsequent releases.

Never miss a vulnerability like this again

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.