ID

VAR-201802-0618


CVE

CVE-2018-0015


TITLE

AppFormix Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2018-002335

DESCRIPTION

A malicious user with unrestricted access to the AppFormix application management platform may be able to access a Python debug console and execute system commands with root privilege. The AppFormix Agent exposes the debug console on a host where AppFormix Agent is executing. If the host is executing AppFormix Agent, an attacker may access the debug console and execute Python commands with root privilege. Affected AppFormix releases are: All versions up to and including 2.7.3; 2.11 versions prior to 2.11.3; 2.15 versions prior to 2.15.2. Juniper SIRT is not aware of any malicious exploitation of this vulnerability; however, the issue has been seen in a production network. No other Juniper Networks products or platforms are affected by this issue. AppFormix contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Juniper AppFormix is a set of optimization and management software platforms for public cloud, private cloud and hybrid cloud from Juniper Networks.

Trust: 1.71

sources: NVD: CVE-2018-0015 // JVNDB: JVNDB-2018-002335 // VULHUB: VHN-118217

AFFECTED PRODUCTS

vendor: juniper, model: appformix, scope: eq, version: 2.7.3

Trust: 1.4

vendor: juniper, model: appformix, scope: lt, version: 2.15.2

Trust: 1.0

vendor: juniper, model: appformix, scope: gte, version: 2.15

Trust: 1.0

vendor: juniper, model: appformix, scope: lt, version: 2.11.3

Trust: 1.0

vendor: juniper, model: appformix, scope: lte, version: 2.7.3

Trust: 1.0

vendor: juniper, model: appformix, scope: gte, version: 2.11

Trust: 1.0

vendor: juniper, model: appformix, scope: eq, version: 2.11.3

Trust: 0.8

vendor: juniper, model: appformix, scope: lt, version: 2.11

Trust: 0.8

vendor: juniper, model: appformix, scope: lt, version: 2.15

Trust: 0.8

vendor: juniper, model: appformix, scope: eq, version: 2.15.2

Trust: 0.8

sources: JVNDB: JVNDB-2018-002335 // CNNVD: CNNVD-201802-544 // NVD: CVE-2018-0015

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0015
value: HIGH

Trust: 1.0

sirt@juniper.net: CVE-2018-0015
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-0015
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201802-544
value: HIGH

Trust: 0.6

VULHUB: VHN-118217
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-0015
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:M/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.8
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118217
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:M/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.8
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0015
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 5.9
version: 3.0

Trust: 1.8

sirt@juniper.net: CVE-2018-0015
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-118217 // JVNDB: JVNDB-2018-002335 // CNNVD: CNNVD-201802-544 // NVD: CVE-2018-0015 // NVD: CVE-2018-0015

PROBLEMTYPE DATA

problemtype:CWE-862

Trust: 1.1

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-118217 // JVNDB: JVNDB-2018-002335 // NVD: CVE-2018-0015

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201802-544

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201802-544

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-002335

PATCH

title: JSA10843, url: https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10843&actp=METADATA

Trust: 0.8

title: Juniper AppFormix Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78672

Trust: 0.6

sources: JVNDB: JVNDB-2018-002335 // CNNVD: CNNVD-201802-544

EXTERNAL IDS

db: NVD, id: CVE-2018-0015

Trust: 2.5

db: JUNIPER, id: JSA10843

Trust: 1.7

db: JVNDB, id: JVNDB-2018-002335

Trust: 0.8

db: CNNVD, id: CNNVD-201802-544

Trust: 0.6

db: VULHUB, id: VHN-118217

Trust: 0.1

sources: VULHUB: VHN-118217 // JVNDB: JVNDB-2018-002335 // CNNVD: CNNVD-201802-544 // NVD: CVE-2018-0015

REFERENCES

url:https://kb.juniper.net/jsa10843

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0015

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-0015

Trust: 0.8

sources: VULHUB: VHN-118217 // JVNDB: JVNDB-2018-002335 // CNNVD: CNNVD-201802-544 // NVD: CVE-2018-0015

SOURCES

db: VULHUB, id: VHN-118217
db: JVNDB, id: JVNDB-2018-002335
db: CNNVD, id: CNNVD-201802-544
db: NVD, id: CVE-2018-0015

LAST UPDATE DATE

2024-11-23T22:52:12.793000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-118217, date: 2019-10-03T00:00:00
db: JVNDB, id: JVNDB-2018-002335, date: 2018-11-16T00:00:00
db: CNNVD, id: CNNVD-201802-544, date: 2019-10-23T00:00:00
db: NVD, id: CVE-2018-0015, date: 2024-11-21T03:37:21.717

SOURCES RELEASE DATE

db: VULHUB, id: VHN-118217, date: 2018-02-22T00:00:00
db: JVNDB, id: JVNDB-2018-002335, date: 2018-04-09T00:00:00
db: CNNVD, id: CNNVD-201802-544, date: 2018-03-06T00:00:00
db: NVD, id: CVE-2018-0015, date: 2018-02-22T22:29:00.207