Detections
Analytics

Juniper Junos NFX150 Multiple Vulnerabilities (JSA11026)

critical Nessus Plugin ID 139033

Language:

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

According to its self-reported version, the remote Junos OS device is affected by multiple vulnerabilities in the BIOS firmware, including the following:

 - Logic issue in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via network access. (CVE-2019-11131)

 - Heap overflow in subsystem in Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow an unauthenticated user to potentially enable escalation of privileges, information disclosure or denial of service via adjacent access. (CVE-2019-0169)

 - Insufficient input validation in the subsystem for Intel(R) AMT before version 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via network access. (CVE-2019-11107)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Apply the relevant Junos software release referenced in Juniper advisory JSA11026

See Also

http://www.nessus.org/u?7899cffc

http://www.nessus.org/u?23ddbeec

Plugin Details

Severity: Critical

ID: 139033

File Name: juniper_jsa11026.nasl

Version: 1.3

Type: combined

Published: 7/28/2020

Updated: 7/20/2023

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.5

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2019-11131

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:juniper:junos

Required KB Items: Host/Juniper/model, Host/Juniper/JUNOS/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 7/8/2020

Vulnerability Publication Date: 12/18/2019

Reference Information

CVE: CVE-2019-0131, CVE-2019-0165, CVE-2019-0166, CVE-2019-0168, CVE-2019-0169, CVE-2019-11086, CVE-2019-11087, CVE-2019-11088, CVE-2019-11090, CVE-2019-11097, CVE-2019-11100, CVE-2019-11101, CVE-2019-11102, CVE-2019-11103, CVE-2019-11104, CVE-2019-11105, CVE-2019-11106, CVE-2019-11107, CVE-2019-11108, CVE-2019-11109, CVE-2019-11110, CVE-2019-11131, CVE-2019-11132, CVE-2019-11147

JSA: JSA11026