CVE-2018-0024

Summary

CVE	CVE-2018-0024
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2018-07-11 18:29:00 UTC
Updated	2019-10-09 23:31:00 UTC
Description	An Improper Privilege Management vulnerability in a shell session of Juniper Networks Junos OS allows an authenticated unprivileged attacker to gain full control of the system. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D45 on SRX Series; 12.3X48 versions prior to 12.3X48-D20 on SRX Series; 12.3 versions prior to 12.3R11 on EX Series; 14.1X53 versions prior to 14.1X53-D30 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100;; 15.1X49 versions prior to 15.1X49-D20 on SRX Series.

Risk And Classification

Problem Types: CWE-269

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Juniper	Ex2200	-	All	All	All
Hardware	Juniper	Ex2200	-	All	All	All
Hardware	Juniper	Ex2200-c	-	All	All	All
Hardware	Juniper	Ex2200-c	-	All	All	All
Hardware	Juniper	Ex2200/vc	-	All	All	All
Hardware	Juniper	Ex2200/vc	-	All	All	All
Hardware	Juniper	Ex2200/vc	-	All	All	All
Hardware	Juniper	Ex2300	-	All	All	All
Hardware	Juniper	Ex2300	-	All	All	All
Hardware	Juniper	Ex2300-c	-	All	All	All
Hardware	Juniper	Ex2300-c	-	All	All	All
Hardware	Juniper	Ex3200	-	All	All	All
Hardware	Juniper	Ex3200	-	All	All	All
Hardware	Juniper	Ex3300	-	All	All	All
Hardware	Juniper	Ex3300	-	All	All	All
Hardware	Juniper	Ex3300/vc	-	All	All	All
Hardware	Juniper	Ex3300/vc	-	All	All	All
Hardware	Juniper	Ex3300/vc	-	All	All	All
Hardware	Juniper	Ex3400	-	All	All	All
Hardware	Juniper	Ex3400	-	All	All	All
Hardware	Juniper	Ex4200	-	All	All	All
Hardware	Juniper	Ex4200	-	All	All	All
Hardware	Juniper	Ex4300	-	All	All	All
Hardware	Juniper	Ex4300	-	All	All	All
Hardware	Juniper	Ex4550	-	All	All	All
Hardware	Juniper	Ex4550	-	All	All	All
Hardware	Juniper	Ex4550/vc	-	All	All	All
Hardware	Juniper	Ex4550/vc	-	All	All	All
Hardware	Juniper	Ex4550/vc	-	All	All	All
Hardware	Juniper	Ex4600	-	All	All	All
Hardware	Juniper	Ex4600	-	All	All	All
Hardware	Juniper	Ex6200	-	All	All	All
Hardware	Juniper	Ex6200	-	All	All	All
Hardware	Juniper	Ex8200/vc Xre	-	All	All	All
Hardware	Juniper	Ex8200/vc Xre	-	All	All	All
Hardware	Juniper	Ex8200/vc Xre	-	All	All	All
Hardware	Juniper	Ex9200	-	All	All	All
Hardware	Juniper	Ex9200	-	All	All	All
Hardware	Juniper	Ex Rps	-	All	All	All
Hardware	Juniper	Ex Rps	-	All	All	All
Operating System	Juniper	Junos	12.1x46	All	All	All
Operating System	Juniper	Junos	12.1x46	d10	All	All
Operating System	Juniper	Junos	12.1x46	d15	All	All
Operating System	Juniper	Junos	12.1x46	d20	All	All
Operating System	Juniper	Junos	12.1x46	d25	All	All
Operating System	Juniper	Junos	12.1x46	d30	All	All
Operating System	Juniper	Junos	12.1x46	d35	All	All
Operating System	Juniper	Junos	12.1x46	d40	All	All
Operating System	Juniper	Junos	12.3	All	All	All
Operating System	Juniper	Junos	12.3	r1	All	All
Operating System	Juniper	Junos	12.3	r10	All	All
Operating System	Juniper	Junos	12.3	r2	All	All
Operating System	Juniper	Junos	12.3	r3	All	All
Operating System	Juniper	Junos	12.3	r4	All	All
Operating System	Juniper	Junos	12.3	r5	All	All
Operating System	Juniper	Junos	12.3	r6	All	All
Operating System	Juniper	Junos	12.3	r7	All	All
Operating System	Juniper	Junos	12.3	r8	All	All
Operating System	Juniper	Junos	12.3	r9	All	All
Operating System	Juniper	Junos	12.3x48	All	All	All
Operating System	Juniper	Junos	12.3x48	d10	All	All
Operating System	Juniper	Junos	12.3x48	d15	All	All
Operating System	Juniper	Junos	14.1x53	All	All	All
Operating System	Juniper	Junos	14.1x53	d10	All	All
Operating System	Juniper	Junos	14.1x53	d15	All	All
Operating System	Juniper	Junos	14.1x53	d16	All	All
Operating System	Juniper	Junos	14.1x53	d25	All	All
Operating System	Juniper	Junos	14.1x53	d26	All	All
Operating System	Juniper	Junos	14.1x53	d27	All	All
Operating System	Juniper	Junos	15.1x49	All	All	All
Operating System	Juniper	Junos	15.1x49	d10	All	All
Operating System	Juniper	Junos	12.1x46	All	All	All
Operating System	Juniper	Junos	12.1x46	d10	All	All
Operating System	Juniper	Junos	12.1x46	d15	All	All
Operating System	Juniper	Junos	12.1x46	d20	All	All
Operating System	Juniper	Junos	12.1x46	d25	All	All
Operating System	Juniper	Junos	12.1x46	d30	All	All
Operating System	Juniper	Junos	12.1x46	d35	All	All
Operating System	Juniper	Junos	12.1x46	d40	All	All
Operating System	Juniper	Junos	12.3	All	All	All
Operating System	Juniper	Junos	12.3	r1	All	All
Operating System	Juniper	Junos	12.3	r10	All	All
Operating System	Juniper	Junos	12.3	r2	All	All
Operating System	Juniper	Junos	12.3	r3	All	All
Operating System	Juniper	Junos	12.3	r4	All	All
Operating System	Juniper	Junos	12.3	r5	All	All
Operating System	Juniper	Junos	12.3	r6	All	All
Operating System	Juniper	Junos	12.3	r7	All	All
Operating System	Juniper	Junos	12.3	r8	All	All
Operating System	Juniper	Junos	12.3	r9	All	All
Operating System	Juniper	Junos	12.3x48	All	All	All
Operating System	Juniper	Junos	12.3x48	d10	All	All
Operating System	Juniper	Junos	12.3x48	d15	All	All
Operating System	Juniper	Junos	14.1x53	All	All	All
Operating System	Juniper	Junos	14.1x53	d10	All	All
Operating System	Juniper	Junos	14.1x53	d15	All	All
Operating System	Juniper	Junos	14.1x53	d16	All	All
Operating System	Juniper	Junos	14.1x53	d25	All	All
Operating System	Juniper	Junos	14.1x53	d26	All	All
Operating System	Juniper	Junos	14.1x53	d27	All	All
Operating System	Juniper	Junos	15.1x49	All	All	All
Operating System	Juniper	Junos	15.1x49	d10	All	All
Hardware	Juniper	Qfx3500	-	All	All	All
Hardware	Juniper	Qfx3500	-	All	All	All
Hardware	Juniper	Qfx3600	-	All	All	All
Hardware	Juniper	Qfx3600	-	All	All	All
Hardware	Juniper	Qfx5100	-	All	All	All
Hardware	Juniper	Qfx5100	-	All	All	All
Hardware	Juniper	Srx100	-	All	All	All
Hardware	Juniper	Srx100	-	All	All	All
Hardware	Juniper	Srx110	-	All	All	All
Hardware	Juniper	Srx110	-	All	All	All
Hardware	Juniper	Srx1400	-	All	All	All
Hardware	Juniper	Srx1400	-	All	All	All
Hardware	Juniper	Srx1500	-	All	All	All
Hardware	Juniper	Srx1500	-	All	All	All
Hardware	Juniper	Srx210	-	All	All	All
Hardware	Juniper	Srx210	-	All	All	All
Hardware	Juniper	Srx220	-	All	All	All
Hardware	Juniper	Srx220	-	All	All	All
Hardware	Juniper	Srx240	-	All	All	All
Hardware	Juniper	Srx240	-	All	All	All
Hardware	Juniper	Srx300	-	All	All	All
Hardware	Juniper	Srx300	-	All	All	All
Hardware	Juniper	Srx320	-	All	All	All
Hardware	Juniper	Srx320	-	All	All	All
Hardware	Juniper	Srx340	-	All	All	All
Hardware	Juniper	Srx340	-	All	All	All
Hardware	Juniper	Srx3400	-	All	All	All
Hardware	Juniper	Srx3400	-	All	All	All
Hardware	Juniper	Srx345	-	All	All	All
Hardware	Juniper	Srx345	-	All	All	All
Hardware	Juniper	Srx3600	-	All	All	All
Hardware	Juniper	Srx3600	-	All	All	All
Hardware	Juniper	Srx4100	-	All	All	All
Hardware	Juniper	Srx4100	-	All	All	All
Hardware	Juniper	Srx4200	-	All	All	All
Hardware	Juniper	Srx4200	-	All	All	All
Hardware	Juniper	Srx5400	-	All	All	All
Hardware	Juniper	Srx5400	-	All	All	All
Hardware	Juniper	Srx550	-	All	All	All
Hardware	Juniper	Srx550	-	All	All	All
Hardware	Juniper	Srx5600	-	All	All	All
Hardware	Juniper	Srx5600	-	All	All	All
Hardware	Juniper	Srx5800	-	All	All	All
Hardware	Juniper	Srx5800	-	All	All	All
Hardware	Juniper	Srx650	-	All	All	All
Hardware	Juniper	Srx650	-	All	All	All

References

Reference	Source	Link	Tags
Juniper Junos CVE-2018-0024 Local Privilege Escalation Vulnerability	BID	www.securityfocus.com	Third Party Advisory, VDB Entry
Juniper Junos Shell Privilege Management Flaw Lets Local Users Obtain Root Privileges - SecurityTracker	SECTRACK	www.securitytracker.com	Third Party Advisory, VDB Entry
2018-07 Security Bulletin: Junos OS: A privilege escalation vulnerability exists where authenticated users with shell access can become root (CVE-2018-0024) - Juniper Networks	CONFIRM	kb.juniper.net	Mitigation, Vendor Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.