What is CVE-2018-0052?

CVE-2018-0052 is a high-severity vulnerability in Juniper Ex2300, classified under Improper Authentication. CVSS score: 7.2/10. Published 2018-10-10.

How severe is CVE-2018-0052?

High severity. CVSS v3 base score is 7.2 out of 10.

Auth bypass in Juniper Ex2300

CVE-2018-0052

If RSH service is enabled on Junos OS and if the PAM authentication is disabled, a remote unauthenticated attacker can obtain root access to the device. RSH service is disabled by default on Junos. There is no documented CLI command to ena…

Vulnerability class: Broken Authentication

EPSS: 0.049 (90.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.2 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.

Affected products

Juniper Ex2300
Juniper Ex3400
Juniper Junos — versions 12.1x46, 12.3, 12.3x48
Juniper Nfx150
Juniper Nfx250
Juniper Qfx10000
Juniper Qfx5110
Juniper Qfx5200
Juniper Networks Junos Os — versions 18.2X75, 16.1, 15.1X53

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

sirt@juniper.net (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_SECTRACK)
sirt@juniper.net (x_refsource_CONFIRM, Vendor Advisory)

Frequently asked questions

What is CVE-2018-0052?: CVE-2018-0052 is a high-severity vulnerability in Juniper Ex2300, classified under Improper Authentication. CVSS score: 7.2/10. Published 2018-10-10.
How severe is CVE-2018-0052?: High severity. CVSS v3 base score is 7.2 out of 10.