CVE-2018-0053

{"id": "CVE-2018-0053", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "sirt@juniper.net", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.8, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.8, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.9}]}, "published": "2018-10-10T18:29:02.530", "references": [{"url": "http://www.securitytracker.com/id/1041854", "tags": ["Third Party Advisory", "VDB Entry"], "source": "sirt@juniper.net"}, {"url": "https://kb.juniper.net/JSA10887", "tags": ["Vendor Advisory"], "source": "sirt@juniper.net"}, {"url": "http://www.securitytracker.com/id/1041854", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://kb.juniper.net/JSA10887", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "An authentication bypass vulnerability in the initial boot sequence of Juniper Networks Junos OS on vSRX Series may allow an attacker to gain full control of the system without authentication when the system is initially booted up. Affected releases are Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D30 on vSRX."}, {"lang": "es", "value": "Una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n en la secuencia de arranque inicial en Juniper Networks Junos OS en vSRX Series podr\u00eda permitir que un atacante obtenga el control total del sistema sin autenticaci\u00f3n cuando el sistema se arranca inicialmente. Las versiones afectadas de Juniper Networks Junos OS son: Versiones 15.1X49 anteriores a la 15.1X49-D30 en vSRX."}], "lastModified": "2024-11-21T03:37:28.160", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos:15.1x49:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20DABA6A-FA7A-4289-8C6A-2B93689A5440"}, {"criteria": "cpe:2.3:o:juniper:junos:15.1x49:d10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D90D8985-34EF-44CC-A9A7-CB0FD22676F2"}, {"criteria": "cpe:2.3:o:juniper:junos:15.1x49:d20:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "18468579-0195-4DDE-BAA5-4BE4068F3A69"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:juniper:vsrx:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8B10DFCE-5331-4D79-8D9F-EF84743493D3"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "sirt@juniper.net"}