PT-2017-3584 · Juniper Networks · Junos
Published: 2017-11-16 · Updated: 2021-06-16 · CVE-2018-0008
CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions:
Junos OS versions prior to 12.1X46-D71 on SRX
Junos OS versions prior to 12.3X48-D55 on SRX
Junos OS versions prior to 14.1R9
Junos OS versions prior to 14.1X53-D40 on QFX, EX
Junos OS versions prior to 14.2R7-S9, 14.2R8
Junos OS versions prior to 15.1F5-S7, 15.1F6-S8, 15.1R5-S6, 15.1R6
Junos OS versions prior to 15.1X49-D110 on SRX
Junos OS versions prior to 15.1X53-D232 on QFX5200/5110
Junos OS versions prior to 15.1X53-D49, 15.1X53-D470 on NFX
Junos OS versions prior to 15.1X53-D65 on QFX10K
Junos OS versions prior to 16.1R2
Description:
The issue is in the implementation of commit scripts in Junos OS and can lead to inadequate access control. When a commit script is used, certain commit scripts can cause unexpected behavior upon reboot, leaving the system in a "safe mode" authentication state. In this state an unauthenticated root login may be allowed, potentially letting an attacker gain access to the device with root privileges without using a password. Only physical login to the console port as root, with no password, will work in this state.
Recommendations:
For Junos OS versions prior to 12.1X46-D71 on SRX, update to version 12.1X46-D71 or later.
For Junos OS versions prior to 12.3X48-D55 on SRX, update to version 12.3X48-D55 or later.
For Junos OS versions prior to 14.1R9, update to version 14.1R9 or later.
For Junos OS versions prior to 14.1X53-D40 on QFX, EX, update to version 14.1X53-D40 or later.
For Junos OS versions prior to 14.2R7-S9, 14.2R8, update to version 14.2R7-S9, 14.2R8 or later.
For Junos OS versions prior to 15.1F5-S7, 15.1F6-S8, 15.1R5-S6, 15.1R6, update to version 15.1F5-S7, 15.1F6-S8, 15.1R5-S6, 15.1R6 or later.
For Junos OS versions prior to 15.1X49-D110 on SRX, update to version 15.1X49-D110 or later.
For Junos OS versions prior to 15.1X53-D232 on QFX5200/5110, update to version 15.1X53-D232 or later.
For Junos OS versions prior to 15.1X53-D49, 15.1X53-D470 on NFX, update to version 15.1X53-D49, 15.1X53-D470 or later.
For Junos OS versions prior to 15.1X53-D65 on QFX10K, update to version 15.1X53-D65 or later.
For Junos OS versions prior to 16.1R2, update to version 16.1R2 or later.
Fix
Improper Access Control
Improper Authentication
Affected Products
Junos