Juniper Junos OS Multiple Vulnerabilities (JSA82973)

high Nessus Plugin ID 310756

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

The version of Junos OS installed on the remote host is affected by multiple vulnerabilities as referenced in the JSA82973 advisory.

- Net-SNMP through 5.8 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root. (CVE-2020-15862)

- The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and earlier does not remove the varBind variable in a netsnmp_variable_list item when parsing of the SNMP PDU fails, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet. (CVE-2015-5621)

- The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2.1, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to bypass intended access restrictions and execute SNMP queries, related to source/destination IP address confusion. (CVE-2008-6123)

- Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following. (CVE-2020-15861)

- _set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. (CVE-2018-18065)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Apply the relevant Junos software release referenced in Juniper advisory JSA82973.

See Also

http://www.nessus.org/u?acf0f05c

http://www.nessus.org/u?6d52334d

Plugin Details

Severity: High

ID: 310756

File Name: juniper_jsa82973.nasl

Version: 1.1

Type: Combined

Published: 4/28/2026

Updated: 4/28/2026

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2015-5621

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2020-15862

Vulnerability Information

CPE: cpe:/o:juniper:junos

Required KB Items: Host/Juniper/JUNOS/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/10/2024

Vulnerability Publication Date: 5/4/2007

Reference Information

CVE: CVE-2007-5846, CVE-2008-6123, CVE-2012-6151, CVE-2014-2285, CVE-2014-2310, CVE-2014-3565, CVE-2015-5621, CVE-2015-8100, CVE-2018-18065, CVE-2019-20892, CVE-2020-15861, CVE-2020-15862

JSA: JSA82973