CVE-2018-0035

Junos OS: QFX5200 and QFX10002: Unintended ONIE partition was shipped with certain Junos OS .bin and .iso images

Description

QFX5200 and QFX10002 devices that have been shipped with Junos OS 15.1X53-D21, 15.1X53-D30, 15.1X53-D31, 15.1X53-D32, 15.1X53-D33 and 15.1X53-D60 or have been upgraded to these releases using the .bin or .iso images may contain an unintended additional Open Network Install Environment (ONIE) partition. This additional partition allows the superuser to reboot to the ONIE partition which will wipe out the content of the Junos partition and its configuration. Once rebooted, the ONIE partition will not have root password configured, thus any user can access the console or SSH, using an IP address acquired from DHCP, as root without password. Once the device has been shipped or upgraded with the ONIE partition installed, the issue will persist. Simply upgrading to higher release via the CLI will not resolve the issue. No other Juniper Networks products or platforms are affected by this issue.

Remediation

Solution:

  • In order to resolve this issue (remove the ONIE partition from the device), customer needs to reimage the device using the USB or PXE image from the Juniper download page. The affected Junos image files have been removed from the Juniper download page.

Workaround:

  • There are no known workarounds for this issue. It is good security practice to limit the exploitable attack surface of critical infrastructure networking equipment. Use access lists or firewall filters to limit access to device only from trusted, administrative networks or hosts. Limit CLI access to the device from only trusted hosts and administrators.
4.4
CVSS
Severity: Medium
CVSS 3.0 •
CVSS 2.0 •
EPSS 0.11%
Vendor Advisory juniper.net
Affected: Juniper Networks Junos OS
Published at:
Updated at:

References

Link Tags
https://kb.juniper.net/JSA10869 vendor advisory
http://www.securitytracker.com/id/1041336 vdb entry third party advisory

Frequently Asked Questions

What is the severity of CVE-2018-0035?
CVE-2018-0035 has been scored as a medium severity vulnerability.
How to fix CVE-2018-0035?
To fix CVE-2018-0035: In order to resolve this issue (remove the ONIE partition from the device), customer needs to reimage the device using the USB or PXE image from the Juniper download page. The affected Junos image files have been removed from the Juniper download page.
Is CVE-2018-0035 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2018-0035 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2018-0035?
CVE-2018-0035 affects Juniper Networks Junos OS.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.