===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.2344
     JSA11026 - 2020-07 Security Bulletin: Junos OS: NFX150: Multiple
             vulnerabilities in BIOS firmware (INTEL-SA-00241)
                                9 July 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Junos OS
Publisher:         Juniper Networks
Operating System:  Juniper
Impact/Access:     Increased Privileges     -- Remote/Unauthenticated
                   Denial of Service        -- Remote/Unauthenticated
                   Access Confidential Data -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-11147 CVE-2019-11132 CVE-2019-11131
                   CVE-2019-11110 CVE-2019-11109 CVE-2019-11108
                   CVE-2019-11107 CVE-2019-11106 CVE-2019-11105
                   CVE-2019-11104 CVE-2019-11103 CVE-2019-11102
                   CVE-2019-11101 CVE-2019-11100 CVE-2019-11097
                   CVE-2019-11090 CVE-2019-11088 CVE-2019-11087
                   CVE-2019-11086 CVE-2019-0169 CVE-2019-0168
                   CVE-2019-0166 CVE-2019-0165 CVE-2019-0131

Reference:         ESB-2020.0027

Original Bulletin: 
   http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11026

--------------------------BEGIN INCLUDED TEXT--------------------

2020-07 Security Bulletin: Junos OS: NFX150: Multiple vulnerabilities in BIOS firmware (INTEL-SA-00241)

Article ID  : JSA11026
Last Updated: 08 Jul 2020
Version     : 1.0

Product Affected:
These issues affect all versions of Junos OS running on the NFX150.

Problem:

Potential security vulnerabilities in Intel firmware, used in the NFX150
network services platform, may allow escalation of privilege, denial of service
or information disclosure. Intel has released firmware updates to mitigate
these potential vulnerabilities.

This issue affects Juniper Networks Junos OS:

  o all versions prior to 19.4R2;
  o 20.1 versions prior to 20.1R2.

Juniper SIRT is not aware of any malicious exploitation of this vulnerability.

This issue was discovered during external security research.

Vulnerability Details:

CVE             CVSS  Summary
CVE-2019-0169   8.8   Heap overflow in subsystem in Intel(R) CSME before versions
                      11.8.70, 11.11.70, 11.22.70, 12.0.45; Intel(R) TXE before
                      versions 3.1.70 and 4.0.20 may allow an unauthenticated
                      user to potentially enable escalation of privileges,
                      information disclosure or denial of service via adjacent
                      access.
CVE-2019-11132  8.4   Cross site scripting in subsystem in Intel(R) AMT before
                      versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow
                      a privileged user to potentially enable escalation of
                      privilege via network access.
CVE-2019-11147  7.8   Insufficient access control in hardware abstraction driver
                      for MEInfo software for Intel(R) CSME before versions
                      11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.0, 14.0.10;
                      TXEInfo software for Intel(R) TXE before versions 3.1.70
                      and 4.0.20; INTEL-SA-00086 Detection Tool version 1.2.7.0
                      or before; INTEL-SA-00125 Detection Tool version 1.0.45.0
                      or before may allow an authenticated user to potentially
                      enable escalation of privilege via local access.
CVE-2019-11105  6.7   Logic issue in subsystem for Intel(R) CSME before versions
                      12.0.45, 13.0.10 and 14.0.10 may allow a privileged user to
                      potentially enable escalation of privilege and information
                      disclosure via local access.
CVE-2019-11088  8.8   Insufficient input validation in subsystem in Intel(R) AMT
                      before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may
                      allow an unauthenticated user to potentially enable
                      escalation of privilege via adjacent access.
CVE-2019-11131  9.8   Logic issue in subsystem in Intel(R) AMT before versions
                      11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an
                      unauthenticated user to potentially enable escalation of
                      privilege via network access.
CVE-2019-11104  7.8   Insufficient input validation in MEInfo software for
                      Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70,
                      12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions
                      3.1.70 and 4.0.20 may allow an authenticated user to
                      potentially enable escalation of privilege via local
                      access.
CVE-2019-11097  7.8   Improper directory permissions in the installer for
                      Intel(R) Management Engine Consumer Driver for Windows
                      before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45,
                      13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70
                      and 4.0.20 may allow an authenticated user to potentially
                      enable escalation of privilege via local access.
CVE-2019-11103  7.8   Insufficient input validation in firmware update software
                      for Intel(R) CSME before versions 12.0.45, 13.0.10 and
                      14.0.10 may allow an authenticated user to potentially
                      enable escalation of privilege via local access.
CVE-2019-0131   8.1   Insufficient input validation in subsystem in Intel(R) AMT
                      before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may
                      allow an unauthenticated user to potentially enable denial
                      of service or information disclosure via adjacent access.
CVE-2019-11090  5.9   Cryptographic timing conditions in the subsystem for
                      Intel(R) PTT before versions 11.8.70, 11.11.70, 11.22.70,
                      12.0.45, 13.0.0 and 14.0.10; Intel(R) TXE 3.1.70 and
                      4.0.20; Intel(R) SPS before versions SPS_E5_04.01.04.305.0,
                      SPS_SoC-X_04.00.04.108.0, SPS_SoC-A_04.00.04.191.0,
                      SPS_E3_04.01.04.086.0, SPS_E3_04.08.04.047.0 may allow an
                      unauthenticated user to potentially enable information
                      disclosure via network access.
CVE-2019-0165   4.4   Insufficient Input validation in the subsystem for Intel(R)
                      CSME before versions 12.0.45, 13.0.10 and 14.0.10 may allow
                      a privileged user to potentially enable denial of service
                      via local access.
CVE-2019-0166   7.5   Insufficient input validation in the subsystem for Intel(R)
                      AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45
                      may allow an unauthenticated user to potentially enable
                      information disclosure via network access.
CVE-2019-0168   4.4   Insufficient input validation in the subsystem for Intel(R)
                      CSME before versions 11.8.70, 12.0.45 and 13.0.10; Intel(R)
                      TXE before versions 3.1.70 and 4.0.20 may allow a
                      privileged user to potentially enable information
                      disclosure via local access.
CVE-2019-11087  6.7   Insufficient input validation in the subsystem for Intel(R)
                      CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45,
                      13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70
                      and 4.0.20 may allow a privileged user to potentially
                      enable escalation of privilege, information disclosure or
                      denial of service via local access.
CVE-2019-11101  4.4   Insufficient input validation in the subsystem for Intel(R)
                      CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45,
                      13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70
                      and 4.0.20 may allow a privileged user to potentially
                      enable information disclosure via local access.
CVE-2019-11100  4.6   Insufficient input validation in the subsystem for Intel(R)
                      AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45
                      may allow an unauthenticated user to potentially enable
                      information disclosure via physical access.
CVE-2019-11102  4.4   Insufficient input validation in Intel(R) DAL software for
                      Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70,
                      12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions
                      3.1.70 and 4.0.20 may allow a privileged user to
                      potentially enable information disclosure via local access.
CVE-2019-11106  6.7   Insufficient session validation in the subsystem for
                      Intel(R) CSME before versions 11.8.70, 12.0.45, 13.0.10 and
                      14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may
                      allow a privileged user to potentially enable escalation of
                      privilege via local access.
CVE-2019-11107  9.8   Insufficient input validation in the subsystem for Intel(R)
                      AMT before version 12.0.45 may allow an unauthenticated
                      user to potentially enable escalation of privilege via
                      network access.
CVE-2019-11109  4.4   Logic issue in the subsystem for Intel(R) SPS before
                      versions SPS_E5_04.01.04.275.0, SPS_SoC-X_04.00.04.100.0
                      and SPS_SoC-A_04.00.04.191.0 may allow a privileged user to
                      potentially enable denial of service via local access.
CVE-2019-11110  6.7   Authentication bypass in the subsystem for Intel(R) CSME
                      before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45,
                      13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70
                      and 4.0.20 may allow a privileged user to potentially
                      enable escalation of privilege via local access.
CVE-2019-11086  6.8   Insufficient input validation in subsystem for Intel(R) AMT
                      before version 12.0.45 may allow an unauthenticated user to
                      potentially enable escalation of privilege via physical
                      access.
CVE-2019-11108  6.7   Insufficient input validation in subsystem for Intel(R)
                      CSME before versions 12.0.45 and 13.0.10 may allow a
                      privileged user to potentially enable escalation of
                      privilege via local access.

Solution:
The following software releases have been updated to include updated BIOS
firmware: Junos OS 19.4R2, 20.1R2, 20.2R1, and all subsequent releases.

This issue is being tracked as 1480976.
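
The affected and fixed release ranges above can be turned into an inventory check. The following is an added example, not part of the Juniper or AusCERT text; it assumes version strings of the form <major>.<minor>R<n>[-S<n>][.<build>], classifies service releases by their R number, and uses constructed hostnames and builds.

```python
import re

# Fixed releases taken from the bulletin's Solution section.
FIXED_R = {(19, 4): 2, (20, 1): 2}   # 19.4R2 and 20.1R2
FIRST_CLEAN_TRAIN = (20, 2)          # 20.2R1 and all subsequent releases

# Assumed version shape: <major>.<minor>R<n>[-S<n>][.<build>], e.g. 19.4R1-S2.3
_VERSION = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S\d+)?(?:\.\d+)?$")


def nfx150_affected(version):
    """Return True/False for a parsable version, None when it cannot be classified."""
    m = _VERSION.match(version.strip())
    if not m:
        return None                  # unrecognised format: review by hand
    major, minor, rnum = (int(g) for g in m.groups())
    train = (major, minor)
    if train >= FIRST_CLEAN_TRAIN:
        return False
    if train in FIXED_R:
        return rnum < FIXED_R[train]
    if train < (19, 4):
        return True                  # "all versions prior to 19.4R2"
    return None                      # train not covered by the bulletin


def triage(inventory):
    """Map hostname -> 'upgrade' | 'ok' | 'review' for a {hostname: version} dict."""
    label = {True: "upgrade", False: "ok", None: "review"}
    return {host: label[nfx150_affected(ver)] for host, ver in inventory.items()}


# Constructed sample inventory (hostnames and builds are made up).
SAMPLE = {
    "nfx-branch-01": "18.4R3-S2",
    "nfx-branch-02": "19.4R1.10",
    "nfx-branch-03": "19.4R2-S1.2",
    "nfx-branch-04": "20.1R1.11",
    "nfx-branch-05": "20.2R1.10",
    "nfx-lab-01": "15.1X53-D45",
}

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE).items():
        print(f"{host:15} {SAMPLE[host]:14} {verdict}")
```

Versions the parser does not recognise are reported as "review" rather than guessed, so they are never silently marked as fixed.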

Workaround:
There are no known workarounds for this issue.

Implementation:
Software Releases, patches and updates are available at
https://www.juniper.net/support/downloads/.

Modification History:

2020-07-08: Initial Publication

CVSS Score:
9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Severity Level:
Critical
Severity Assessment:
Information for how Juniper Networks uses CVSS can be found at KB 16446 "Common
Vulnerability Scoring System (CVSS) and Juniper's Security Advisories."

--------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================