Unknown
CVE-2020-10188 — Junos OS: Arbitrary code execution vulnerability in Telnet server
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
Add References:
CVE-2020-10188 — Junos OS: Arbitrary code execution vulnerability in Telnet server
MITRE ATT&CK
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Topic Tags
Description
utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions.
This issue affects Junos OS 12.3, 12.3X48, 15.1, 15.1X49, 16.1, 17.2, 17.2X75, 17.3, 17.4, 18.1, 18.2, 18.2X75, 18.3, 18.4, 19.1, 19.2, 19.3, 19.4, 20.1.
A vulnerability in the telnetd Telnet server allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions.
This issue only affects systems with inbound Telnet service enabled. SSH service is unaffected by this vulnerability.
This issue affects Juniper Networks Junos OS:
- 12.3 versions prior to 12.3R12-S16;
- 12.3X48 versions prior to 12.3X48-D105;
- 15.1 versions prior to 15.1R7-S7;
- 15.1X49 versions prior to 15.1X49-D220;
- 16.1 versions prior to 16.1R7-S8;
- 17.2 versions prior to 17.2R3-S4;
- 17.2X75 versions prior to 17.2X75-D45;
- 17.3 versions prior to 17.3R3-S8;
- 17.4 versions prior to 17.4R2-S11, 17.4R3-S2;
- 18.1 versions prior to 18.1R3-S10;
- 18.2 versions prior to 18.2R3-S5;
- 18.2X75 versions prior to 18.2X75-D34, 18.2X75-D41, 18.2X75-D430, 18.2X75-D65;
- 18.3 versions prior to 18.3R2-S4, 18.3R3-S3;
- 18.4 versions prior to 18.4R2-S5, 18.4R3-S4;
- 19.1 versions prior to 19.1R2-S2, 19.1R3-S2;
- 19.2 versions prior to 19.2R1-S5, 19.2R2;
- 19.3 versions prior to 19.3R2-S3, 19.3R3;
- 19.4 versions prior to 19.4R1-S3, 19.4R2-S1, 19.4R3;
- 20.1 versions prior to 20.1R1-S2, 20.1R2.
Telnet service is enabled via the following configuration stanza:
[system services telnet]
Juniper SIRT is not aware of any malicious exploitation of this vulnerability.
Avoid the use of Telnet service. Enable only SSH access for interactive login.
For example:
# delete system services telnet # set system services ssh # commit
Add Assessment
No one has assessed this topic. Be the first to add your voice to the community.
CVSS V3 Severity and Metrics
General Information
References
Advisory
Miscellaneous
Additional Info
Technical Analysis
Report as Exploited in the Wild
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below: