Juniper Junos Space < 15.1R2 Multiple Vulnerabilities (JSA10727) (Bar Mitzvah) (Logjam)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote device is affected by multiple vulnerabilities.

Description :

According to its self-reported version number, the version of Junos
Space running on the remote device is prior to 15.1R2. It is,
therefore, affected by multiple vulnerabilities :

- A flaw exists in the JCE component in the Oracle Java
runtime due to various cryptographic operations using
non-constant time comparisons. An unauthenticated,
remote attacker can exploit this, via timing attacks,
to disclose potentially sensitive information.
(CVE-2015-2601)

- A flaw exists in the JCE component in the Oracle Java
runtime, within the ECDH_Derive() function, due to
missing EC parameter validation when performing ECDH key
derivation. A remote attacker can exploit this to
disclose potentially sensitive information.
(CVE-2015-2613)

- A flaw exists in the JSSE component in the Oracle Java
runtime, related to performing X.509 certificate identity
checks, that allows a remote attacker to disclose
potentially sensitive information. (CVE-2015-2625)

- A NULL pointer dereference flaw exists in the Security
component in the Oracle Java runtime, which is related
to the GCM (Galois Counter Mode) implementation when
performing encryption using a block cipher in GCM mode.
An unauthenticated, remote attacker can exploit this to
cause a denial of service condition. (CVE-2015-2659)

- A security feature bypass vulnerability exists, known as
Bar Mitzvah, due to improper combination of state data
with key data by the RC4 cipher algorithm during the
initialization phase. A man-in-the-middle attacker can
exploit this, via a brute-force attack using LSB values,
to decrypt the traffic. (CVE-2015-2808)

- A man-in-the-middle vulnerability, known as Logjam,
exists due to a flaw in the SSL/TLS protocol. A remote
attacker can exploit this flaw to downgrade connections
using ephemeral Diffie-Hellman key exchange to 512-bit
export-grade cryptography. (CVE-2015-4000)

- A flaw exists in the Security component in the Oracle
Java runtime when handling Online Certificate Status
Protocol (OCSP) responses with no 'nextUpdate' date
specified. A remote attacker can exploit this to cause a
revoked X.509 certificate to be accepted.
(CVE-2015-4748)

- A flaw exists in the JNDI component in the Oracle Java
runtime, within the DnsClient::query() function, due to
a failure by DnsClient exception handling to release
request information. An unauthenticated, remote attacker
can exploit this to cause a denial of service condition.
(CVE-2015-4749)

See also :

http://www.nessus.org/u?a84b985b
http://www.nessus.org/u?4bbf45ac
https://weakdh.org/

Solution :

Upgrade to Junos Space version 15.1R2 or later.

Risk factor :

High / CVSS Base Score : 7.6
(CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.6
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now