
Computer vulnerabilities of SRX

vulnerability CVE-2018-0007

Junos: privilege escalation via LLDP

Synthesis of the vulnerability

An attacker can bypass restrictions via LLDP of Junos, in order to escalate his privileges.
Impacted products: Juniper J-Series, Junos OS, SRX-Series.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights.
Provenance: internet client.
Creation date: 11/01/2018.
Revision dates: 06/02/2018, 02/03/2018.
Identifiers: CERTFR-2018-AVI-026, CERTFR-2018-AVI-115, CERTFR-2019-AVI-069, CVE-2018-0007, JSA10830, VIGILANCE-VUL-25010.


computer vulnerability announce CVE-2018-7170 CVE-2018-7182 CVE-2018-7183

NTP.org: five vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of NTP.org.
Impacted products: Blue Coat CAS, BIG-IP Hardware, TMOS, Fedora, FreeBSD, AIX, Juniper EX-Series, Juniper J-Series, Junos OS, SRX-Series, McAfee Web Gateway, Meinberg NTP Server, NTP.org, openSUSE Leap, Solaris, SafeNet Network HSM, Slackware, SUSE Linux Enterprise Desktop, SLES, Symantec Content Analysis, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Consequences: privileged access/rights, data reading, denial of service on service.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 5.
Creation date: 28/02/2018.
Identifiers: bulletinapr2018, bulletinapr2019, CERTFR-2018-AVI-545, CVE-2018-7170, CVE-2018-7182, CVE-2018-7183, CVE-2018-7184, CVE-2018-7185, FEDORA-2018-7051d682fa, FEDORA-2018-70c191d84a, FEDORA-2018-de113aeac6, FreeBSD-SA-18:02.ntp, JSA10898, K04912972, K13540723, K82570157, KB0018260, openSUSE-SU-2018:0970-1, openSUSE-SU-2018:3438-1, openSUSE-SU-2018:3452-1, SA165, SB10231, SB10264, SSA:2018-060-02, SUSE-SU-2018:1464-1, SUSE-SU-2018:1765-1, SUSE-SU-2018:3342-1, SUSE-SU-2018:3351-1, SUSE-SU-2018:3352-1, SUSE-SU-2018:3356-1, SUSE-SU-2018:3386-1, Synology-SA-18:13, Synology-SA-18:14, USN-3707-1, USN-3707-2, VIGILANCE-VUL-25397.


computer vulnerability note CVE-2018-0002

Junos: denial of service via ALG

Synthesis of the vulnerability

An attacker can generate a fatal error via ALG of Junos, in order to trigger a denial of service.
Impacted products: Junos OS, SRX-Series.
Severity: 3/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 11/01/2018.
Revision date: 06/02/2018.
Identifiers: CERTFR-2018-AVI-026, CERTFR-2018-AVI-068, CVE-2018-0002, JSA10829, VIGILANCE-VUL-25009.


computer vulnerability announce CVE-2018-1000005 CVE-2018-1000007

curl: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of libcurl.
Impacted products: OpenOffice, curl, Debian, Fedora, Rational ClearCase, Juniper EX-Series, Junos OS, SRX-Series, openSUSE Leap, Solaris, RHEL, Slackware, Ubuntu.
Severity: 2/4.
Consequences: data reading, denial of service on client.
Provenance: internet server.
Number of vulnerabilities in this bulletin: 2.
Creation date: 25/01/2018.
Identifiers: 2014495, bulletinapr2018, CVE-2018-1000005, CVE-2018-1000007, DLA-1263-1, DSA-4098-1, FEDORA-2018-241a5a2409, FEDORA-2018-85655b12b6, JSA10874, openSUSE-SU-2018:0236-1, RHSA-2018:3157-01, RHSA-2018:3558-01, SSA:2018-024-01, USN-3554-1, USN-3554-2, VIGILANCE-VUL-25147.


computer vulnerability announce CVE-2017-3145

ISC BIND: assertion error via Fetch Cleanup Sequencing

Synthesis of the vulnerability

An attacker can force an assertion error via Fetch Cleanup Sequencing of ISC BIND, in order to trigger a denial of service.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, BIND, Junos OS, Junos Space, SRX-Series, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: intranet client.
Creation date: 17/01/2018.
Identifiers: bulletinjan2018, bulletinjul2018, CERTFR-2018-AVI-033, CVE-2017-3145, DSA-4089-1, FEDORA-2018-6550550774, FEDORA-2018-97bdb9ba32, JSA10873, JSA10875, JSA10917, K08613310, openSUSE-SU-2018:0323-1, RHSA-2018:0101-01, RHSA-2018:0102-01, RHSA-2018:0487-01, RHSA-2018:0488-01, SSA:2018-017-01, SUSE-SU-2018:0303-1, SUSE-SU-2018:0362-1, USN-3535-1, USN-3535-2, VIGILANCE-VUL-25087.


computer vulnerability alert CVE-2018-0009

Junos: privilege escalation via Leading Zeros UUID

Synthesis of the vulnerability

An attacker can bypass restrictions via Leading Zeros UUID of Junos, in order to escalate his privileges.
Impacted products: Junos OS, SRX-Series.
Severity: 2/4.
Consequences: data flow.
Provenance: internet client.
Creation date: 11/01/2018.
Identifiers: CERTFR-2018-AVI-026, CVE-2018-0009, JSA10836, VIGILANCE-VUL-25016.


computer vulnerability CVE-2018-0008

Junos: privilege escalation via Commit Script

Synthesis of the vulnerability

An attacker can bypass restrictions via Commit Script of Junos, in order to escalate his privileges.
Impacted products: Juniper J-Series, Junos OS, SRX-Series.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 11/01/2018.
Identifiers: CERTFR-2018-AVI-026, CERTFR-2018-AVI-115, CVE-2018-0008, JSA10835, VIGILANCE-VUL-25015.


vulnerability note CVE-2018-0006

Junos: denial of service via bbe-smgd VLAN Authentication

Synthesis of the vulnerability

An attacker can generate a fatal error via bbe-smgd VLAN Authentication of Junos, in order to trigger a denial of service.
Impacted products: Juniper J-Series, Junos OS, SRX-Series.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: intranet client.
Creation date: 11/01/2018.
Identifiers: CERTFR-2018-AVI-026, CVE-2018-0006, JSA10834, VIGILANCE-VUL-25014.


vulnerability bulletin CVE-2018-0005

Junos: privilege escalation via MAC Move Limit Forward Traffic

Synthesis of the vulnerability

An attacker can bypass restrictions via MAC Move Limit Forward Traffic of Junos, in order to escalate his privileges.
Impacted products: Juniper J-Series, Junos OS, SRX-Series.
Severity: 2/4.
Consequences: data flow.
Provenance: internet client.
Creation date: 11/01/2018.
Identifiers: CERTFR-2018-AVI-026, CVE-2018-0005, JSA10833, VIGILANCE-VUL-25013.


vulnerability announce CVE-2018-0004

Junos: denial of service via Transit Traffic

Synthesis of the vulnerability

An attacker can generate a fatal error via Transit Traffic of Junos, in order to trigger a denial of service.
Impacted products: Juniper J-Series, Junos OS, SRX-Series.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 11/01/2018.
Identifiers: CERTFR-2018-AVI-026, CVE-2018-0004, JSA10832, VIGILANCE-VUL-25012.
