10

CVE-2017-2343

The Integrated User Firewall (UserFW) feature was introduced in Junos OS version 12.1X47-D10 on the Juniper SRX Series devices to provide simple integration of user profiles on top of the existing firewall polices. As part of an internal security review of the UserFW services authentication API, hardcoded credentials were identified and removed which can impact both the SRX Series device, and potentially LDAP and Active Directory integrated points. An attacker may be able to completely compromise SRX Series devices, as well as Active Directory servers and services. When Active Directory is compromised, it may allow access to user credentials, workstations, servers performing other functions such as email, database, etc. Inter-Forest Active Directory deployments may also be at risk as the attacker may gain full administrative control over one or more Active Directories depending on the credentials supplied by the administrator of the AD domains and SRX devices performing integrated authentication of users, groups and devices. To identify if your device is potentially vulnerable to exploitation, check to see if the service is operating; from CLI review the following output: root@SRX-Firewall# run show services user-identification active-directory-access domain-controller status extensive A result of "Status: Connected" will indicate that the service is active on the device. To evaluate if user authentication is occurring through the device: root@SRX-Firewall# run show services user-identification active-directory-access active-directory-authentication-table all Next review the results to see if valid users and groups are returned. e.g. Domain: juniperlab.com Total entries: 3 Source IP Username groups state 172.16.26.1 administrator Valid 192.168.26.2 engg01 engineers Valid 192.168.26.3 guest01 guests Valid Domain: NULL Total entries: 8 Source IP Username groups state 192.168.26.4 Invalid 192.168.26.5 Invalid This will also indicate that Valid users and groups are authenticating through the device. Affected releases are Juniper Networks Junos OS 12.3X48 from 12.3X48-D30 and prior to 12.3X48-D35 on SRX series; 15.1X49 from 15.1X49-D40 and prior to 15.1X49-D50 on SRX series. Devices on any version of Junos OS 12.1X46, or 12.1X47 are unaffected by this issue.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
JuniperJunos Version12.3x48 Updated10
   JuniperSrx100 Version-
   JuniperSrx110 Version-
   JuniperSrx1400 Version-
   JuniperSrx210 Version-
   JuniperSrx220 Version-
   JuniperSrx240 Version-
   JuniperSrx3400 Version-
   JuniperSrx3600 Version-
   JuniperSrx5400 Version-
   JuniperSrx550 Version-
   JuniperSrx5600 Version-
   JuniperSrx5800 Version-
   JuniperSrx650 Version-
JuniperJunos Version12.3x48 Updated15
   JuniperSrx100 Version-
   JuniperSrx110 Version-
   JuniperSrx1400 Version-
   JuniperSrx210 Version-
   JuniperSrx220 Version-
   JuniperSrx240 Version-
   JuniperSrx3400 Version-
   JuniperSrx3600 Version-
   JuniperSrx5400 Version-
   JuniperSrx550 Version-
   JuniperSrx5600 Version-
   JuniperSrx5800 Version-
   JuniperSrx650 Version-
JuniperJunos Version12.3x48 Updated20
   JuniperSrx100 Version-
   JuniperSrx110 Version-
   JuniperSrx1400 Version-
   JuniperSrx210 Version-
   JuniperSrx220 Version-
   JuniperSrx240 Version-
   JuniperSrx3400 Version-
   JuniperSrx3600 Version-
   JuniperSrx5400 Version-
   JuniperSrx550 Version-
   JuniperSrx5600 Version-
   JuniperSrx5800 Version-
   JuniperSrx650 Version-
JuniperJunos Version12.3x48 Updated25
   JuniperSrx100 Version-
   JuniperSrx110 Version-
   JuniperSrx1400 Version-
   JuniperSrx210 Version-
   JuniperSrx220 Version-
   JuniperSrx240 Version-
   JuniperSrx3400 Version-
   JuniperSrx3600 Version-
   JuniperSrx5400 Version-
   JuniperSrx550 Version-
   JuniperSrx5600 Version-
   JuniperSrx5800 Version-
   JuniperSrx650 Version-
JuniperJunos Version12.3x48 Updated30
   JuniperSrx100 Version-
   JuniperSrx110 Version-
   JuniperSrx1400 Version-
   JuniperSrx210 Version-
   JuniperSrx220 Version-
   JuniperSrx240 Version-
   JuniperSrx3400 Version-
   JuniperSrx3600 Version-
   JuniperSrx5400 Version-
   JuniperSrx550 Version-
   JuniperSrx5600 Version-
   JuniperSrx5800 Version-
   JuniperSrx650 Version-
JuniperJunos Version12.3x48 Updated35
   JuniperSrx100 Version-
   JuniperSrx110 Version-
   JuniperSrx1400 Version-
   JuniperSrx210 Version-
   JuniperSrx220 Version-
   JuniperSrx240 Version-
   JuniperSrx3400 Version-
   JuniperSrx3600 Version-
   JuniperSrx5400 Version-
   JuniperSrx550 Version-
   JuniperSrx5600 Version-
   JuniperSrx5800 Version-
   JuniperSrx650 Version-
JuniperJunos Version15.1x49 Updated40
   JuniperSrx100 Version-
   JuniperSrx110 Version-
   JuniperSrx1400 Version-
   JuniperSrx210 Version-
   JuniperSrx220 Version-
   JuniperSrx240 Version-
   JuniperSrx3400 Version-
   JuniperSrx3600 Version-
   JuniperSrx5400 Version-
   JuniperSrx550 Version-
   JuniperSrx5600 Version-
   JuniperSrx5800 Version-
   JuniperSrx650 Version-
JuniperJunos Version15.1x49 Updated45
   JuniperSrx100 Version-
   JuniperSrx110 Version-
   JuniperSrx1400 Version-
   JuniperSrx210 Version-
   JuniperSrx220 Version-
   JuniperSrx240 Version-
   JuniperSrx3400 Version-
   JuniperSrx3600 Version-
   JuniperSrx5400 Version-
   JuniperSrx550 Version-
   JuniperSrx5600 Version-
   JuniperSrx5800 Version-
   JuniperSrx650 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.1% 0.863
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
sirt@juniper.net 10 3.9 6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

http://www.securitytracker.com/id/1038904
Third Party Advisory
VDB Entry