-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2020.2344
JSA11026 - 2020-07 Security Bulletin: Junos OS: NFX150: Multiple vulnerabilities in BIOS firmware (INTEL-SA-00241)
9 July 2020

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           Junos OS
Publisher:         Juniper Networks
Operating System:  Juniper
Impact/Access:     Increased Privileges     -- Remote/Unauthenticated
                   Denial of Service        -- Remote/Unauthenticated
                   Access Confidential Data -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-11147 CVE-2019-11132 CVE-2019-11131
                   CVE-2019-11110 CVE-2019-11109 CVE-2019-11108
                   CVE-2019-11107 CVE-2019-11106 CVE-2019-11105
                   CVE-2019-11104 CVE-2019-11103 CVE-2019-11102
                   CVE-2019-11101 CVE-2019-11100 CVE-2019-11097
                   CVE-2019-11090 CVE-2019-11088 CVE-2019-11087
                   CVE-2019-11086 CVE-2019-0169 CVE-2019-0168
                   CVE-2019-0166 CVE-2019-0165 CVE-2019-0131
Reference:         ESB-2020.0027

Original Bulletin:
   http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11026

- --------------------------BEGIN INCLUDED TEXT--------------------

2020-07 Security Bulletin: Junos OS: NFX150: Multiple vulnerabilities in BIOS firmware (INTEL-SA-00241)

Article ID  : JSA11026
Last Updated: 08 Jul 2020
Version     : 1.0

Product Affected:
These issues affect all versions of Junos OS running on the NFX150

Problem:
Potential security vulnerabilities in Intel firmware, used in the NFX150 network services platform, may allow escalation of privilege, denial of service or information disclosure. Intel has released firmware updates to mitigate these potential vulnerabilities.

This issue affects Juniper Networks Junos OS:

  o all versions prior to 19.4R2;
  o 20.1 versions prior to 20.1R2.

Juniper SIRT is not aware of any malicious exploitation of this vulnerability.
This issue was discovered during external security research.

Vulnerability Details:

CVE             CVSS  Summary
CVE-2019-0169   8.8   Heap overflow in subsystem in Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow an unauthenticated user to potentially enable escalation of privileges, information disclosure or denial of service via adjacent access.
CVE-2019-11132  8.4   Cross site scripting in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow a privileged user to potentially enable escalation of privilege via network access.
CVE-2019-11147  7.8   Insufficient access control in hardware abstraction driver for MEInfo software for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.0, 14.0.10; TXEInfo software for Intel(R) TXE before versions 3.1.70 and 4.0.20; INTEL-SA-00086 Detection Tool version 1.2.7.0 or before; INTEL-SA-00125 Detection Tool version 1.0.45.0 or before may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2019-11105  6.7   Logic issue in subsystem for Intel(R) CSME before versions 12.0.45, 13.0.10 and 14.0.10 may allow a privileged user to potentially enable escalation of privilege and information disclosure via local access.
CVE-2019-11088  8.8   Insufficient input validation in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
CVE-2019-11131  9.8   Logic issue in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
CVE-2019-11104  7.8   Insufficient input validation in MEInfo software for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2019-11097  7.8   Improper directory permissions in the installer for Intel(R) Management Engine Consumer Driver for Windows before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2019-11103  7.8   Insufficient input validation in firmware update software for Intel(R) CSME before versions 12.0.45, 13.0.10 and 14.0.10 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2019-0131   8.1   Insufficient input validation in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable denial of service or information disclosure via adjacent access.
CVE-2019-11090  5.9   Cryptographic timing conditions in the subsystem for Intel(R) PTT before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.0 and 14.0.10; Intel(R) TXE 3.1.70 and 4.0.20; Intel(R) SPS before versions SPS_E5_04.01.04.305.0, SPS_SoC-X_04.00.04.108.0, SPS_SoC-A_04.00.04.191.0, SPS_E3_04.01.04.086.0, SPS_E3_04.08.04.047.0 may allow an unauthenticated user to potentially enable information disclosure via network access.
CVE-2019-0165   4.4   Insufficient Input validation in the subsystem for Intel(R) CSME before versions 12.0.45, 13.0.10 and 14.0.10 may allow a privileged user to potentially enable denial of service via local access.
CVE-2019-0166   7.5   Insufficient input validation in the subsystem for Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access.
CVE-2019-0168   4.4   Insufficient input validation in the subsystem for Intel(R) CSME before versions 11.8.70, 12.0.45 and 13.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable information disclosure via local access.
CVE-2019-11087  6.7   Insufficient input validation in the subsystem for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable escalation of privilege, information disclosure or denial of service via local access.
CVE-2019-11101  4.4   Insufficient input validation in the subsystem for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable information disclosure via local access.
CVE-2019-11100  4.6   Insufficient input validation in the subsystem for Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable information disclosure via physical access.
CVE-2019-11102  4.4   Insufficient input validation in Intel(R) DAL software for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable information disclosure via local access.
CVE-2019-11106  6.7   Insufficient session validation in the subsystem for Intel(R) CSME before versions 11.8.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2019-11107  9.8   Insufficient input validation in the subsystem for Intel(R) AMT before version 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
CVE-2019-11109  4.4   Logic issue in the subsystem for Intel(R) SPS before versions SPS_E5_04.01.04.275.0, SPS_SoC-X_04.00.04.100.0 and SPS_SoC-A_04.00.04.191.0 may allow a privileged user to potentially enable denial of service via local access.
CVE-2019-11110  6.7   Authentication bypass in the subsystem for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2019-11086  6.8   Insufficient input validation in subsystem for Intel(R) AMT before version 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
CVE-2019-11108  6.7   Insufficient input validation in subsystem for Intel(R) CSME before versions 12.0.45 and 13.0.10 may allow a privileged user to potentially enable escalation of privilege via local access.

Solution:
The following software releases have been updated to include updated BIOS firmware: Junos OS 19.4R2, 20.1R2, 20.2R1, and all subsequent releases.

This issue is being tracked as 1480976.

Workaround:
There are no known workarounds for this issue.

Implementation:
Software Releases, patches and updates are available at https://www.juniper.net/support/downloads/.

Modification History:
2020-07-08: Initial Publication

CVSS Score:
9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Severity Level:
Critical

Severity Assessment:
Information for how Juniper Networks uses CVSS can be found at KB 16446 "Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories."
- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

-----END PGP SIGNATURE-----
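An added example, not part of the Juniper or AusCERT text: a Python check that applies the bulletin's affected-release statement (all releases prior to 19.4R2, 20.1 releases prior to 20.1R2, fixed in 20.2R1 and all subsequent releases) to `show version` output from a device. The function names, the sample output and the conservative handling of non-"R" builds are assumptions of this example.

```python
import re

# First fixed "R" release per train, taken from the bulletin's Solution section.
FIXED_R = {(19, 4): 2, (20, 1): 2}
FIRST_CLEAN_TRAIN = (20, 2)  # 20.2R1 and all subsequent releases

# Junos release: <major>.<minor><type letter><number>, then optional -S<n>/spin.
_RELEASE = re.compile(r"^(\d+)\.(\d+)([A-Z])(\d+)")


def release_is_affected(release: str) -> bool:
    """True if the release predates the fixed releases named in the bulletin."""
    m = _RELEASE.match(release.strip())
    if not m:
        raise ValueError(f"unrecognised Junos release string: {release!r}")
    train = (int(m.group(1)), int(m.group(2)))
    kind, number = m.group(3), int(m.group(4))
    if train >= FIRST_CLEAN_TRAIN:
        return False
    first_fixed = FIXED_R.get(train)
    if first_fixed is None:
        return True  # every other train below 20.2 is prior to 19.4R2
    # Assumption: non-"R" builds on the 19.4 and 20.1 trains count as unfixed.
    return not (kind == "R" and number >= first_fixed)


def device_is_affected(show_version: str) -> bool:
    """Apply the bulletin to `show version` text; it covers the NFX150 only."""
    pairs = (line.split(":", 1) for line in show_version.splitlines() if ":" in line)
    fields = {key.strip().lower(): value.strip() for key, value in pairs}
    if not fields.get("model", "").lower().startswith("nfx150"):
        return False
    return release_is_affected(fields.get("junos", ""))


# Constructed sample output, not captured from a real device.
SAMPLE = """Hostname: branch-nfx
Model: nfx150_c-s1
Junos: 19.4R1-S2.3
"""

if __name__ == "__main__":
    print("affected" if device_is_affected(SAMPLE) else "not affected")
```

Service releases such as 19.4R1-S2 are reported as affected because the bulletin names 19.4R2 as the first fixed release on that train.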