Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Device (Router/Bridge/Hub)  >   Juniper Junos Vendors:   Juniper
Juniper Junos on QFX5200/QFX10002 Platforms Lets Local Superusers Cause Denial of Service Conditions on the Target System
SecurityTracker Alert ID:  1041336
SecurityTracker URL:
CVE Reference:   CVE-2018-0035   (Links to External Site)
Date:  Jul 19 2018
Impact:   Denial of service via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): QFX5200 and QFX10002 platforms; 15.1X53-D21, 15.1X53-D30, 15.1X53-D31, 15.1X53-D32, 15.1X53-D33, 15.1X53-D60
Description:   A vulnerability was reported in Juniper Junos. A local user can cause denial of service conditions on the target system.

QFX5200 and QFX10002 series devices shipped with certain versions of Junos or upgraded to these versions may contain an unintended additional Open Network Install Environment (ONIE) partition that allows a local (superuser) user to reboot to the ONIE partition and wipe out the Junos partition and configuration.

Once rebooted, the ONIE partition root account will have no password.

Impact:   A local superuser can delete the Junos partition and configuration.
Solution:   The vendor advises that users must reimage the device using the USB or PXE image from the Juniper download page.

The vendor advisory is available at:

Vendor URL: (Links to External Site)
Cause:   Configuration error

Message History:   None.

 Source Message Contents



Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, LLC