CVE-2018-0024

Name: CVE-2018-0024
Creator: NVD / NIST
Published: 2018-07-11T18:29:00.167+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.38%

Last modified Jun 17, 2026

CVE-2018-0024 is a vulnerability of currently unknown severity. An Improper Privilege Management vulnerability in a shell session of Juniper Networks Junos OS allows an authenticated unprivileged attacker to gain full control of the system. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D45 on SRX Series; 12.3X48 versions prior to 12.3X48-D20 on SRX Series; 12.3 versions prior to 12.3R11 on EX Series; 14.1X53 versions prior to 14.1X53-D30 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100;; 15.1X49 versions prior to 15.1X49-D20 on SRX Series.. EPSS estimates a 0.38% chance of exploitation in the next 30 days.

Description

An Improper Privilege Management vulnerability in a shell session of Juniper Networks Junos OS allows an authenticated unprivileged attacker to gain full control of the system. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D45 on SRX Series; 12.3X48 versions prior to 12.3X48-D20 on SRX Series; 12.3 versions prior to 12.3R11 on EX Series; 14.1X53 versions prior to 14.1X53-D30 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100;; 15.1X49 versions prior to 15.1X49-D20 on SRX Series.

Metrics

EPSS Probability

0.38%

29.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-269

Affected Software

Vendor	Product	Versions
Juniper	Junos	12.1x46
Juniper	Junos	12.3x48
Juniper	Junos	12.3
Juniper	Junos	14.1x53
Juniper	Junos	15.1x49

References

http://www.securityfocus.com/bid/104718Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1041314Third Party Advisory, VDB Entry
https://kb.juniper.net/JSA10857Mitigation, Vendor Advisory
http://www.securityfocus.com/bid/104718Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1041314Third Party Advisory, VDB Entry
https://kb.juniper.net/JSA10857Mitigation, Vendor Advisory

Timeline

Published: Jul 11, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-0024?

How severe is CVE-2018-0024?

Severity scoring for CVE-2018-0024 is pending analysis. The EPSS model estimates a 0.38% probability of exploitation in the next 30 days.

How do I fix CVE-2018-0024?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-0024?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST