Title: Secure Elements Class 5 AVR Multiple Remote Vulnerabilities
Severity: CRITICAL
Description:
Secure Elements Class 5 AVR (Automated Vulnerability Remediation) is susceptible to multiple vulnerabilities. These issues affect both clients and servers.
The following vulnerabilities affect server installations:
- US-CERT VU#207161: A denial-of-service vulnerability due to the server's failure to properly authenticate client registration messages. Attackers can forge numerous registration messages, causing the server to consume excessive resources and deny service to legitimate users.
- US-CERT VU#764025: An arbitrary file-overwrite vulnerability due to the server's failure to properly validate pathnames of files when downloading software updates. This issue allows attackers to overwrite arbitrary files on the server.
- US-CERT VU#919345: A vulnerability that allows attackers to forge client messages. This issue is due to the server's failure to properly validate the source addresses of messages. This allows attackers to perform man-in-the-middle attacks or to alter client information stored by the server.
- US-CERT VU#135529: An information-disclosure vulnerability due to the server's failure to require that communications between clients and servers be encrypted. If clients communicate to the server in plain text, responses from the server will also be in plain text. This may allow attackers to access potentially sensitive information.
- US-CERT VU#207337: A vulnerability that causes servers to fail to validate peer certificates when downloading software updates. This allows remote attackers to send malicious executable content to servers, which will in turn be distributed to all clients.
- US-CERT VU#397417: An authentication-bypass vulnerability due to the server's failure to validate credentials for console operations. The server expects the administrative console application to perform authentication checks. This allows remote attackers to gain administrative access to affected servers.
- US-CERT VU#584329: A backdoor administrative-account vulnerability. This issue is due to a hardcoded user ID and password in the application, allowing remote attackers to gain administrative access to affected servers.
- US-CERT VU#456729: A man-in-the-middle vulnerability due to the server's failure to validate the integrity of message digests of communications between clients and servers. This issue allows attackers to replay and modify messages.
- US-CERT VU#487617: A denial-of-service vulnerability due to the server's failure to properly authenticate 'session start' messages. Attackers may exploit this issue to cause servers to initiate TCP connections to arbitrary hosts, potentially causing denial-of-service conditions on targeted servers and destinations.
The following vulnerabilities affect client installations:
- US-CERT VU#873409: A buffer-overflow vulnerability due to the client's failure to properly bounds-check EM_SET_CE_PARAMETER messages from servers. This allows remote attackers to gain access to potentially sensitive process memory.
- US-CERT VU#353945: A weak client ID (CEID) vulnerability due to the insecure generation of unique CEIDs. This issue allows attackers to guess unique client identifiers, potentially aiding them in further attacks.
- US-CERT VU#921017: An information-disclosure vulnerability due to the client's failure to require that communications between clients and servers be encrypted. If the server communicates to the client in plain text, responses from the client will also be in plain text. This may allow attackers to gain access to potentially sensitive information.
- US-CERT VU#912217: An arbitrary file-overwrite vulnerability due to the client's failure to properly validate pathnames in unspecified messages. This allows attackers to overwrite arbitrary files with superuser privileges.
- US-CERT VU#288121: An arbitrary code-execution vulnerability due to the client's failure to properly validate the source address of incoming messages. This allows attackers to execute arbitrary machine code with superuser privileges on client computers.
- US-CERT VU#227929: A buffer-overflow vulnerability due to the client's failure to properly bounds-check EM_GET_CE_PARAMETER messages from servers. This allows remote attackers to gain access to potentially sensitive process memory.
- US-CERT VU#353769: A man-in-the-middle vulnerability due to the client's failure to validate the integrity of message digests of communications between clients and servers. This issue allows attackers to replay and modify messages.
- US-CERT VU#635721: A vulnerability that aids malicious users in attacks. This issue is due to the failure of clients to properly validate the CEID of messages. This aids attackers because they don't have to guess or obtain valid CEIDs of clients that they wish to attack.
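Added example (not Secure Elements code) of the receiver-side check whose absence VU#456729 and VU#353769 describe: the keyed digest is verified before any field is trusted, and a per-CEID sequence number rejects replays. The frame layout, the per-client keys and the names seal, Receiver and RejectedMessage are assumptions for illustration; the page does not document the product's wire format.

```python
import hashlib
import hmac
import struct

TAG_LEN = hashlib.sha256().digest_size  # 32-byte HMAC-SHA256 tag

class RejectedMessage(Exception):
    """Frame failed an authentication or freshness check."""

def seal(key: bytes, ceid: bytes, seq: int, payload: bytes) -> bytes:
    """Hypothetical frame: ceid_len | ceid | seq | payload | HMAC(all of it)."""
    body = struct.pack(">H", len(ceid)) + ceid + struct.pack(">Q", seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Receiver:
    def __init__(self, keys_by_ceid):
        self._keys = dict(keys_by_ceid)  # per-client secrets (assumed provisioned)
        self._last_seq = {}              # highest sequence number accepted per CEID

    def open(self, frame: bytes) -> bytes:
        if len(frame) < 2 + 8 + TAG_LEN:
            raise RejectedMessage("truncated frame")
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        (ceid_len,) = struct.unpack_from(">H", body, 0)
        if 2 + ceid_len + 8 > len(body):
            raise RejectedMessage("bad CEID length")
        ceid = body[2:2 + ceid_len]
        key = self._keys.get(ceid)
        if key is None:
            raise RejectedMessage("unknown CEID")
        # Verify the keyed digest first; only then is the sequence number trusted.
        expected = hmac.new(key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise RejectedMessage("digest mismatch")
        (seq,) = struct.unpack_from(">Q", body, 2 + ceid_len)
        if seq <= self._last_seq.get(ceid, -1):
            raise RejectedMessage("replayed or stale sequence number")
        self._last_seq[ceid] = seq
        return body[2 + ceid_len + 8:]

if __name__ == "__main__":
    key = b"\x11" * 32  # constructed sample key
    rx = Receiver({b"ce-0001": key})
    frame = seal(key, b"ce-0001", 1, b"status=ok")
    print(rx.open(frame))  # first delivery is accepted
    try:
        rx.open(frame)  # identical frame delivered a second time
    except RejectedMessage as err:
        print("rejected:", err)
```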
The following vulnerabilities affect both client and server installations:
- US-CERT VU#346377: An encryption weakness that may aid attackers in statistical analysis of encrypted communications. This issue is due to the same encryption key and initialization vector being used for all message sessions while clients and servers communicate.
- US-CERT VU#566553: A vulnerability that allows attackers to decrypt communications between clients and servers. This issue is due to the use of a fixed RSA key for all installations of the application.
Secure Elements Class 5 AVR has been renamed to EVM (Enterprise Vulnerability Management). Class 5 EVM versions prior to 2.8.1 and Class 5 AVR are vulnerable to these issues.
Affected Products:
- Secure Elements Class 5 AVR
- Secure Elements Class 5 EVM
References:
- Secure Elements: Secure Elements Products Page
- US-CERT: Vulnerability Note VU#135529
- US-CERT: Vulnerability Note VU#207161
- US-CERT: Vulnerability Note VU#207337
- US-CERT: Vulnerability Note VU#227929
- US-CERT: Vulnerability Note VU#288121
- US-CERT: Vulnerability Note VU#346377
- US-CERT: Vulnerability Note VU#353769
- US-CERT: Vulnerability Note VU#353945
- US-CERT: Vulnerability Note VU#397417
- US-CERT: Vulnerability Note VU#456729
- US-CERT: Vulnerability Note VU#487617
- US-CERT: Vulnerability Note VU#566553
- US-CERT: Vulnerability Note VU#584329
- US-CERT: Vulnerability Note VU#635721
- US-CERT: Vulnerability Note VU#764025
- US-CERT: Vulnerability Note VU#873409
- US-CERT: Vulnerability Note VU#912217
- US-CERT: Vulnerability Note VU#919345
- US-CERT: Vulnerability Note VU#921017