CVE-2018-0001
Severity CVSS v4.0:
Pending analysis
Type:
CWE-416
Use After Free
Publication date:
10/01/2018
Last modified:
23/02/2018
Description
A remote, unauthenticated attacker may be able to execute code by exploiting a use-after-free defect found in older versions of PHP through injection of crafted data via specific PHP URLs within the context of the J-Web process. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D67; 12.3 versions prior to 12.3R12-S5; 12.3X48 versions prior to 12.3X48-D35; 14.1 versions prior to 14.1R8-S5, 14.1R9; 14.1X53 versions prior to 14.1X53-D44, 14.1X53-D50; 14.2 versions prior to 14.2R7-S7, 14.2R8; 15.1 versions prior to 15.1R3; 15.1X49 versions prior to 15.1X49-D30; 15.1X53 versions prior to 15.1X53-D70.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:juniper:junos:12.1x46:d10:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:12.1x46:d15:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:12.1x46:d20:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:12.1x46:d25:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:12.1x46:d30:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:12.1x46:d35:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:12.1x46:d40:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:12.1x46:d45:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:12.1x46:d50:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:12.1x46:d55:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:12.1x46:d60:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:12.1x46:d65:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:12.3x48:d10:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:12.3x48:d15:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:12.3x48:d20:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page