Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:21736
HistoryApr 27, 2009 - 12:00 a.m.

Juniper Advisory

2009-04-2700:00:00
vulners.com
33
JSON

PR09-05: ScreenOS remote information disclosure on Juniper Netscreen ScreenOS Firewalls

Vulnerability found: 22nd March 2009

Vendor informed: 22nd March 2009

Severity: Low (information disclosure)

Description:

By simply requesting the about.html file, the firewall returns the version of ScreenOS and patch
level used and the feature set.
No authentication is needed to retrieve this information on the firewall's OS. It is common to
find exposed ScreenOS WebUI firewall management front-ends on the Internet, attackers might use
the exposed information to carry out targeted attacks knowing the version and patch level of the
firmware used.

Successfully tested on:
Juniper Networks SSG 320 ScreenOS Version: 6.2.0r1.0
Juniper Networks netscreen SSG 520 ScreenOS Version:6.1.0r1.0
Juniper Networks netscreen 208 ScreenOS Version: 5.4.0r10.0

Proof of concept:

http://target-domain.foo/about.html
https://target-domain.foo/about.html

Returns:

            Juniper Networks, Inc.

            Version: 6.2.0r1.0 (Firewall+VPN)

            ScreenOS WebUI
            Copyright © 1997-2008 Juniper Networks, Inc.
            All Rights Reserved.


            For the latest technical information visit:
            http://www.juniper.net

Consequences:

A remote attacker could recover information with regards to the target site's operating system
version and patch level.

This kind of information might be useful to attackers in certain scenarios. i.e.: when
attempting to exploit published

vulnerabilities in a outdated version of ScreenOS.

Fix:

Ensure that the firewall's management interface is disabled on the Internet connected interface,
by disabling WeBUI within service

options on the Internet connected interface.

Juniper Networks have released the 6.2.0r2.0, 6.2R2 and 5.4.0r12 software updates on the 8th
April 2009 which solves the issue.

Vendor feedback:-

Juniper stated that no security advisory is needed to be released due to the low CVSS score of
the vulnerability, and Juniper knew of the issue already.

Procheckup found this issue affected different Juniper firewall firmware, going back to at least
2006.

References:

http://www.procheckup.com/Vulnerabilities.php
http://www.juniper.net/us/en/products-services/security/ssg-series/

Credits: Richard Brain of ProCheckUp Ltd (www.procheckup.com)

Legal:

Copyright 2009 Procheckup Ltd. All rights reserved.

Permission is granted for copying and circulating this Bulletin to the Internet community for
the purpose of alerting them to

problems, if and only if, the Bulletin is not edited or changed in any way, is attributed to
Procheckup, and provided such

reproduction and/or distribution is performed for non-commercial purposes.

Any other use of this information is prohibited. Procheckup is not liable for any misuse of this
information by any third party.

JSON