Strix
26.1K

CVE-2018-0021

UnknownEPSS 0.63%

Last modified

CVE-2018-0021 is a vulnerability of currently unknown severity. If all 64 digits of the connectivity association name (CKN) key or all 32 digits of the connectivity association key (CAK) key are not configured, all remaining digits will be auto-configured to 0. Hence, Juniper devices configured with short MacSec keys are at risk to an increased likelihood that an attacker will discover the secret passphrases configured for these keys through dictionary-based and brute-force-based attacks using spoofed packets. EPSS estimates a 0.63% chance of exploitation in the next 30 days.

Description

If all 64 digits of the connectivity association name (CKN) key or all 32 digits of the connectivity association key (CAK) key are not configured, all remaining digits will be auto-configured to 0. Hence, Juniper devices configured with short MacSec keys are at risk to an increased likelihood that an attacker will discover the secret passphrases configured for these keys through dictionary-based and brute-force-based attacks using spoofed packets. Affected releases are Juniper Networks Junos OS: 14.1 versions prior to 14.1R10, 14.1R9; 14.1X53 versions prior to 14.1X53-D47; 15.1 versions prior to 15.1R4-S9, 15.1R6-S6, 15.1R7; 15.1X49 versions prior to 15.1X49-D100; 15.1X53 versions prior to 15.1X53-D59; 16.1 versions prior to 16.1R3-S8, 16.1R4-S8, 16.1R5; 16.2 versions prior to 16.2R1-S6, 16.2R2; 17.1 versions prior to 17.1R2.

Metrics

EPSS Probability
0.63%

45.7th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

VendorProductVersionsUpdate
JuniperJunos15.1x49
JuniperJunos14.1
JuniperJunos14.1x53
JuniperJunos15.1x53
JuniperJunos16.1R1
JuniperJunos16.2R1
JuniperJunos17.1R1
JuniperJunos15.1

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2018-0021?
If all 64 digits of the connectivity association name (CKN) key or all 32 digits of the connectivity association key (CAK) key are not configured, all remaining digits will be auto-configured to 0. Hence, Juniper devices configured with short MacSec keys are at risk to an increased likelihood that an attacker will discover the secret passphrases configured for these keys through dictionary-based and brute-force-based attacks using spoofed packets. Affected releases are Juniper Networks Junos OS: 14.1 versions prior to 14.1R10, 14.1R9; 14.1X53 versions prior to 14.1X53-D47; 15.1 versions prior to 15.1R4-S9, 15.1R6-S6, 15.1R7; 15.1X49 versions prior to 15.1X49-D100; 15.1X53 versions prior to 15.1X53-D59; 16.1 versions prior to 16.1R3-S8, 16.1R4-S8, 16.1R5; 16.2 versions prior to 16.2R1-S6, 16.2R2; 17.1 versions prior to 17.1R2.
How severe is CVE-2018-0021?
Severity scoring for CVE-2018-0021 is pending analysis. The EPSS model estimates a 0.63% probability of exploitation in the next 30 days.
How do I fix CVE-2018-0021?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-0021?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST