Juniper Junos Space < 15.1R2 Multiple Vulnerabilities (JSA10727) (Bar Mitzvah) (Logjam)

high Nessus Plugin ID 91779

VPR Score: 6.5

Synopsis

The remote device is affected by multiple vulnerabilities.

Description

According to its self-reported version number, the version of Junos Space running on the remote device is prior to 15.1R2. It is, therefore, affected by multiple vulnerabilities:

- A flaw exists in the JCE component in the Oracle Java runtime due to various cryptographic operations using non-constant time comparisons. An unauthenticated, remote attacker can exploit this, via timing attacks, to disclose potentially sensitive information. (CVE-2015-2601)

- A flaw exists in the JCE component in the Oracle Java runtime, within the ECDH_Derive() function, due to missing EC parameter validation when performing ECDH key derivation. A remote attacker can exploit this to disclose potentially sensitive information. (CVE-2015-2613)

- A flaw exists in the JSSE component in the Oracle Java runtime, related to performing X.509 certificate identity checks, that allows a remote attacker to disclose potentially sensitive information. (CVE-2015-2625)

- A NULL pointer dereference flaw exists in the Security component in the Oracle Java runtime, which is related to the GCM (Galois Counter Mode) implementation when performing encryption using a block cipher in GCM mode. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2015-2659)

- A security feature bypass vulnerability exists, known as Bar Mitzvah, due to improper combination of state data with key data by the RC4 cipher algorithm during the initialization phase. A man-in-the-middle attacker can exploit this, via a brute-force attack using LSB values, to decrypt the traffic. (CVE-2015-2808)

- A man-in-the-middle vulnerability, known as Logjam, exists due to a flaw in the SSL/TLS protocol. A remote attacker can exploit this flaw to downgrade connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. (CVE-2015-4000)

- A flaw exists in the Security component in the Oracle Java runtime when handling Online Certificate Status Protocol (OCSP) responses with no 'nextUpdate' date specified. A remote attacker can exploit this to cause a revoked X.509 certificate to be accepted. (CVE-2015-4748)

- A flaw exists in the JNDI component in the Oracle Java runtime, within the DnsClient::query() function, due to a failure by DnsClient exception handling to release request information. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2015-4749)

Solution

Upgrade to Junos Space version 15.1R2 or later.

See Also

http://www.nessus.org/u?a84b985b

http://www.nessus.org/u?4bbf45ac

https://weakdh.org/

Plugin Details

Severity: High

ID: 91779

File Name: juniper_space_jsa10727.nasl

Version: 1.5

Type: local

Published: 6/23/2016

Updated: 7/12/2018

Dependencies: ssh_get_info.nasl

Risk Information

Risk Factor: High

VPR Score: 6.5

CVSS v2.0

Base Score: 7.6

Temporal Score: 5.6

Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

Temporal Vector: E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:juniper:junos_space

Required KB Items: Host/Junos_Space/version

Exploit Ease: No known exploits are available

Patch Publication Date: 4/13/2016

Vulnerability Publication Date: 1/19/2015

Reference Information

CVE: CVE-2015-2601, CVE-2015-2613, CVE-2015-2625, CVE-2015-2659, CVE-2015-2808, CVE-2015-4000, CVE-2015-4748, CVE-2015-4749

BID: 73684, 74733, 75854, 75867, 75871, 75877, 75890, 75895

JSA: JSA10727