CVE-2018-0014: ScreenOS: Etherleak vulnerability found on ScreenOS device
First published: Wed Jan 10 2018(Updated: )
Juniper Networks ScreenOS devices do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets. This issue is often detected as CVE-2003-0001. The issue affects all versions of Juniper Networks ScreenOS prior to 6.3.0r25.
Credit: sirt@juniper.net
| Affected Software | Affected Version | How to fix |
|---|---|---|
| NetScreen ScreenOS | =6.3.0r1 | |
| NetScreen ScreenOS | =6.3.0r2 | |
| NetScreen ScreenOS | =6.3.0r3 | |
| NetScreen ScreenOS | =6.3.0r4 | |
| NetScreen ScreenOS | =6.3.0r5 | |
| NetScreen ScreenOS | =6.3.0r6 | |
| NetScreen ScreenOS | =6.3.0r7 | |
| NetScreen ScreenOS | =6.3.0r8 | |
| NetScreen ScreenOS | =6.3.0r9 | |
| NetScreen ScreenOS | =6.3.0r10 | |
| NetScreen ScreenOS | =6.3.0r11 | |
| NetScreen ScreenOS | =6.3.0r12 | |
| NetScreen ScreenOS | =6.3.0r13 | |
| NetScreen ScreenOS | =6.3.0r14 | |
| NetScreen ScreenOS | =6.3.0r15 | |
| NetScreen ScreenOS | =6.3.0r16 | |
| NetScreen ScreenOS | =6.3.0r17 | |
| NetScreen ScreenOS | =6.3.0r18 | |
| NetScreen ScreenOS | =6.3.0r19 | |
| NetScreen ScreenOS | =6.3.0r20 | |
| NetScreen ScreenOS | =6.3.0r21 | |
| NetScreen ScreenOS | =6.3.0r22 | |
| NetScreen ScreenOS | =6.3.0r23 | |
| NetScreen ScreenOS | =6.3.0r24 | |
| NetScreen ScreenOS | =6.3.0r25 |
Remedy
The following software releases have been updated to resolve this specific issue: 6.3.0r25 and all subsequent releases.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2018-0014?
CVE-2018-0014 has a medium severity rating as it allows potential exposure of sensitive information through packet fragments.
How do I fix CVE-2018-0014?
To fix CVE-2018-0014, update your Juniper Networks ScreenOS devices to version 6.3.0r26 or later.
What types of devices are affected by CVE-2018-0014?
CVE-2018-0014 affects all versions of Juniper Networks ScreenOS prior to 6.3.0r26.
What risks are associated with CVE-2018-0014?
The risks associated with CVE-2018-0014 include potential exposure of sensitive data from system memory due to insufficient packet padding.
Is CVE-2018-0014 related to any previous vulnerabilities?
Yes, CVE-2018-0014 is often detected as CVE-2003-0001.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/remedy
- agent/weakness
- agent/severity
- agent/author
- agent/title
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/juniper
- canonical/netscreen screenos
- version/netscreen screenos/6.3.0r1
- version/netscreen screenos/6.3.0r2
- version/netscreen screenos/6.3.0r3
- version/netscreen screenos/6.3.0r4
- version/netscreen screenos/6.3.0r5
- version/netscreen screenos/6.3.0r6
- version/netscreen screenos/6.3.0r7
- version/netscreen screenos/6.3.0r8
- version/netscreen screenos/6.3.0r9
- version/netscreen screenos/6.3.0r10
- version/netscreen screenos/6.3.0r11
- version/netscreen screenos/6.3.0r12
- version/netscreen screenos/6.3.0r13
- version/netscreen screenos/6.3.0r14
- version/netscreen screenos/6.3.0r15
- version/netscreen screenos/6.3.0r16
- version/netscreen screenos/6.3.0r17
- version/netscreen screenos/6.3.0r18
- version/netscreen screenos/6.3.0r19
- version/netscreen screenos/6.3.0r20
- version/netscreen screenos/6.3.0r21
- version/netscreen screenos/6.3.0r22
- version/netscreen screenos/6.3.0r23
- version/netscreen screenos/6.3.0r24
- version/netscreen screenos/6.3.0r25