According to its self-reported version number, the remote Juniper Junos device is affected by the following vulnerabilities related to OpenSSL :

  - A flaw exists in the ssl3_get_key_exchange() function     in file s3_clnt.c when handling a ServerKeyExchange     message for an anonymous DH ciphersuite with the value     of 'p' set to 0. A attacker can exploit this, by causing     a segmentation fault, to crash an application linked     against the library, resulting in a denial of service.
    (CVE-2015-1794)

  - A carry propagating flaw exists in the x86_64 Montgomery     squaring implementation that may cause the BN_mod_exp()     function to produce incorrect results. An attacker can     exploit this to obtain sensitive information regarding     private keys. (CVE-2015-3193)

  - A NULL pointer dereference flaw exists in file     rsa_ameth.c due to improper handling of ASN.1 signatures     that are missing the PSS parameter. A remote attacker     can exploit this to cause the signature verification     routine to crash, resulting in a denial of service     condition. (CVE-2015-3194)

  - A flaw exists in the ASN1_TFLG_COMBINE implementation in     file tasn_dec.c related to handling malformed     X509_ATTRIBUTE structures. A remote attacker can exploit     this to cause a memory leak by triggering a decoding     failure in a PKCS#7 or CMS application, resulting in a     denial of service. (CVE-2015-3195)

  - A race condition exists in s3_clnt.c that is triggered     when PSK identity hints are incorrectly updated in the     parent SSL_CTX structure when they are received by a     multi-threaded client. A remote attacker can exploit     this, via a crafted ServerKeyExchange message, to cause     a double-free memory error, resulting in a denial of     service. (CVE-2015-3196)

  - A cipher algorithm downgrade vulnerability exists due to     a flaw that is triggered when handling cipher     negotiation. A remote attacker can exploit this to     negotiate SSLv2 ciphers and complete SSLv2 handshakes     even if all SSLv2 ciphers have been disabled on the     server. Note that this vulnerability only exists if the     SSL_OP_NO_SSLv2 option has not been disabled.
    (CVE-2015-3197)

  - A key disclosure vulnerability exists due to improper     handling of cache-bank conflicts on the Intel     Sandy-bridge microarchitecture. An attacker can exploit     this to gain access to RSA key information.
    (CVE-2016-0702)

  - A flaw exists in the SSLv2 implementation,     specifically in the get_client_master_key() function     within file s2_srvr.c, due to accepting a nonzero     CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an     arbitrary cipher. A man-in-the-middle attacker can     exploit this to determine the MASTER-KEY value and     decrypt TLS ciphertext by leveraging a Bleichenbacher     RSA padding oracle. (CVE-2016-0703)

  - A flaw exists in the SSLv2 oracle protection mechanism,     specifically in the get_client_master_key() function     within file s2_srvr.c, due to incorrectly overwriting     MASTER-KEY bytes during use of export cipher suites.
    A remote attackers can exploit this to more easily     decrypt TLS ciphertext by leveraging a Bleichenbacher     RSA padding oracle. (CVE-2016-0704)

  - A double-free error exists due to improper validation of     user-supplied input when parsing malformed DSA private     keys. A remote attacker can exploit this to corrupt     memory, resulting in a denial of service condition or     the execution of arbitrary code. (CVE-2016-0705)

  - A NULL pointer dereference flaw exists in the     BN_hex2bn() and BN_dec2bn() functions. A remote attacker     can exploit this to trigger a heap corruption, resulting     in the execution of arbitrary code. (CVE-2016-0797)

  - A denial of service vulnerability exists due to improper     handling of invalid usernames. A remote attacker can     exploit this, via a specially crafted username, to leak     300 bytes of memory per connection, exhausting available     memory resources. (CVE-2016-0798)

  - Multiple memory corruption issues exist that allow a     remote attacker to cause a denial of service condition     or the execution of arbitrary code. (CVE-2016-0799)

  - A heap buffer overflow condition exists in the     EVP_EncodeUpdate() function within file     crypto/evp/encode.c that is triggered when handling     a large amount of input data. An unauthenticated, remote     attacker can exploit this to cause a denial of service     condition. (CVE-2016-2105)

  - A heap buffer overflow condition exists in the     EVP_EncryptUpdate() function within file     crypto/evp/evp_enc.c that is triggered when handling a     large amount of input data after a previous call occurs     to the same function with a partial block. An     unauthenticated, remote attacker can exploit this to     cause a denial of service condition. (CVE-2016-2106)

  - A remote code execution vulnerability exists in the     ASN.1 encoder due to an underflow condition that occurs     when attempting to encode the value zero represented as     a negative integer. An unauthenticated, remote attacker     can exploit this to corrupt memory, resulting in the     execution of arbitrary code. (CVE-2016-2108)

  - Multiple unspecified flaws exist in the d2i BIO     functions when reading ASN.1 data from a BIO due to     invalid encoding causing a large allocation of memory.
    An unauthenticated, remote attacker can exploit these to     cause a denial of service condition through resource     exhaustion. (CVE-2016-2109)

  - Multiple integer overflow conditions exist in s3_srvr.c,     ssl_sess.c, and t1_lib.c due to improper use of pointer     arithmetic for heap-buffer boundary checks. An     unauthenticated, remote attacker can exploit this to     cause a denial of service. (CVE-2016-2177)

  - An information disclosure vulnerability exists in the     dsa_sign_setup() function in dsa_ossl.c due to a failure     to properly ensure the use of constant-time operations.
    An unauthenticated, remote attacker can exploit this,     via a timing side-channel attack, to disclose DSA key     information. (CVE-2016-2178)

  - An out-of-bounds read error exists in the X.509 Public     Key Infrastructure Time-Stamp Protocol (TSP)     implementation. An unauthenticated, remote attacker can     exploit this, via a crafted time-stamp file that is     mishandled by the 'openssl ts' command, to cause     denial of service or to disclose sensitive information.
    (CVE-2016-2180)

  - An overflow condition exists in the BN_bn2dec() function     in bn_print.c due to improper validation of     user-supplied input when handling BIGNUM values. An     unauthenticated, remote attacker can exploit this to     crash the process. (CVE-2016-2182)

  - A vulnerability exists, known as SWEET32, in the 3DES     and Blowfish algorithms due to the use of weak 64-bit     block ciphers by default. A man-in-the-middle attacker     who has sufficient resources can exploit this     vulnerability, via a 'birthday' attack, to detect a     collision that leaks the XOR between the fixed secret     and a known plaintext, allowing the disclosure of the     secret text, such as secure HTTPS cookies, and possibly     resulting in the hijacking of an authenticated session.
    (CVE-2016-2183)

  - A flaw exists in the tls_decrypt_ticket() function in     t1_lib.c due to improper handling of ticket HMAC     digests. An unauthenticated, remote attacker can exploit     this, via a ticket that is too short, to crash the     process, resulting in a denial of service.
    (CVE-2016-6302)

  - An integer overflow condition exists in the     MDC2_Update() function in mdc2dgst.c due to improper     validation of user-supplied input. An unauthenticated,     remote attacker can exploit this to cause a heap-based     buffer overflow, resulting in a denial of service     condition or possibly the execution of arbitrary code.
    (CVE-2016-6303)

  - A flaw exists in the ssl_parse_clienthello_tlsext()     function in t1_lib.c due to improper handling of overly     large OCSP Status Request extensions from clients. An     unauthenticated, remote attacker can exploit this, via     large OCSP Status Request extensions, to exhaust memory     resources, resulting in a denial of service condition.
    (CVE-2016-6304)

  - A flaw exists in the SSL_peek() function in     rec_layer_s3.c due to improper handling of empty     records. An unauthenticated, remote attacker can exploit     this, by triggering a zero-length record in an SSL_peek     call, to cause an infinite loop, resulting in a denial     of service condition. (CVE-2016-6305)

  - An out-of-bounds read error exists in the certificate     parser that allows an unauthenticated, remote attacker     to cause a denial of service via crafted certificate     operations. (CVE-2016-6306)

  - A denial of service vulnerability exists in the     state-machine implementation due to a failure to check     for an excessive length before allocating memory. An     unauthenticated, remote attacker can exploit this, via a     crafted TLS message, to exhaust memory resources.
    (CVE-2016-6307)

Note that these issues only affects devices with J-Web or the SSL service for JUNOScript enabled.

According to the versions of the openssl098e package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - The BN_bn2dec function in crypto/bn/bn_print.c in     OpenSSL before 1.1.0 does not properly validate     division results, which allows remote attackers to     cause a denial of service (out-of-bounds write and     application crash) or possibly have unspecified other     impact via unknown vectors.(CVE-2016-2182)

  - A denial of service flaw was found in the way the     TLS/SSL protocol defined processing of ALERT packets     during a connection handshake. A remote attacker could     use this flaw to make a TLS/SSL server consume an     excessive amount of CPU and fail to accept connections     form other clients.(CVE-2016-8610)

  - A flaw was found in the way malicious SSLv2 clients     could negotiate SSLv2 ciphers that were disabled on the     server. This could result in weak SSLv2 ciphers being     used for SSLv2 connections, making them vulnerable to     man-in-the-middle attacks.(CVE-2015-3197)

  - A padding oracle flaw was found in the Secure Sockets     Layer version 2.0 (SSLv2) protocol. An attacker could     potentially use this flaw to decrypt RSA-encrypted     cipher text from a connection using a newer SSL/TLS     protocol version, allowing them to decrypt such     connections. This cross-protocol attack is publicly     referred to as DROWN.(CVE-2016-0800)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to its self-reported version number, the remote pfSense install is prior to 2.3. It is, therefore, affected by multiple vulnerabilities.

The Oracle VM VirtualBox application installed on the remote host is a version prior to 4.3.36 or 5.0.18. It is, therefore, affected by an unspecified flaw in the Core subcomponent that allows a local attacker to gain elevated privileges. Additionally, multiple vulnerabilities exist in the bundled version of OpenSSL :

  - A flaw exists in the ssl3_get_key_exchange() function     in file s3_clnt.c when handling a ServerKeyExchange     message for an anonymous DH ciphersuite with the value     of 'p' set to 0. A attacker can exploit this, by causing     a segmentation fault, to crash an application linked     against the library, resulting in a denial of service.
    (CVE-2015-1794)

  - A carry propagating flaw exists in the x86_64 Montgomery     squaring implementation that may cause the BN_mod_exp()     function to produce incorrect results. An attacker can     exploit this to obtain sensitive information regarding     private keys. (CVE-2015-3193)

  - A NULL pointer dereference flaw exists in file     rsa_ameth.c due to improper handling of ASN.1 signatures     that are missing the PSS parameter. A remote attacker     can exploit this to cause the signature verification     routine to crash, resulting in a denial of service     condition. (CVE-2015-3194)

  - A flaw exists in the ASN1_TFLG_COMBINE implementation in     file tasn_dec.c related to handling malformed     X509_ATTRIBUTE structures. A remote attacker can exploit     this to cause a memory leak by triggering a decoding     failure in a PKCS#7 or CMS application, resulting in a     denial of service. (CVE-2015-3195)

  - A race condition exists in s3_clnt.c that is triggered     when PSK identity hints are incorrectly updated in the     parent SSL_CTX structure when they are received by a     multi-threaded client. A remote attacker can exploit     this, via a crafted ServerKeyExchange message, to cause     a double-free memory error, resulting in a denial of     service. (CVE-2015-3196)

  - A cipher algorithm downgrade vulnerability exists due to     a flaw that is triggered when handling cipher     negotiation. A remote attacker can exploit this to     negotiate SSLv2 ciphers and complete SSLv2 handshakes     even if all SSLv2 ciphers have been disabled on the     server. Note that this vulnerability only exists if the     SSL_OP_NO_SSLv2 option has not been disabled.
    (CVE-2015-3197)

According to its banner, the version of OpenSSL on the remote host is 1.0.2 prior to 1.0.2f or 1.0.1 prior to 1.0.1r and is affected by a flaw that is triggered when handling cipher negotiation. This may allow a remote attacker to negotiate SSLv2 ciphers that are disabled on the server.

ID	Name	Product	Family	Published	Updated	Severity
96316	Juniper Junos Multiple OpenSSL Vulnerabilities (JSA10759) (SWEET32)	Nessus	Junos Local Security Checks	1/5/2017	8/10/2018	critical
99885	EulerOS 2.0 SP1 : openssl098e (EulerOS-SA-2017-1040)	Nessus	Huawei Local Security Checks	5/1/2017	1/6/2021	critical
106499	pfSense < 2.3 Multiple Vulnerabilities (SA-16_01 - SA-16_02)	Nessus	Firewalls	1/31/2018	11/8/2019	critical
90680	Oracle VM VirtualBox < 4.3.36 / 5.0.18 Multiple Vulnerabilities (April 2016 CPU)	Nessus	Misc.	4/22/2016	11/19/2019	medium
9464	OpenSSL 1.0.1 < 1.0.1r / 1.0.2 < 1.0.2f Information Disclosure	Nessus Network Monitor	Web Servers	8/5/2016	3/6/2019	low

Detections

Analytics

Plugins Search

critical

critical

critical

medium

low