Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2018-0049
HistoryOct 10, 2018 - 6:29 p.m.

CVE-2018-0049

2018-10-1018:29:02
CWE-476
[email protected]
web.nvd.nist.gov
30
2
cve-2018-0049
juniper networks
junos os
vulnerability
kernel crash
denial of service
nvd
security advisory

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.1 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

0.022 Low

EPSS

Percentile

89.3%

JSON

A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS allows an attacker to cause the Junos OS kernel to crash. Continued receipt of this specifically crafted malicious MPLS packet will cause a sustained Denial of Service condition. This issue require it to be received on an interface configured to receive this type of traffic. Affected releases are Juniper Networks Junos OS: 12.1X46 versions above and including 12.1X46-D76 prior to 12.1X46-D81 on SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 12.3R12-S10; 12.3X48 versions above and including 12.3X48-D66 prior to 12.3X48-D75 on SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 14.1X53-D47 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100; 14.1X53 versions above and including 14.1X53-D115 prior to 14.1X53-D130 on QFabric System; 15.1 versions above and including 15.1F6-S10; 15.1R4-S9; 15.1R6-S6; 15.1 versions above and including 15.1R7 prior to 15.1R7-S2; 15.1X49 versions above and including 15.1X49-D131 prior to 15.1X49-D150 on SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 15.1X53 versions above 15.1X53-D233 prior to 15.1X53-D235 on QFX5200/QFX5110; 15.1X53 versions up to and including 15.1X53-D471 prior to 15.1X53-D590 on NFX150, NFX250; 15.1X53-D67 on QFX10000 Series; 15.1X53-D59 on EX2300/EX3400; 16.1 versions above and including 16.1R3-S8; 16.1 versions above and including 16.1R4-S9 prior to 16.1R4-S12; 16.1 versions above and including 16.1R5-S4; 16.1 versions above and including 16.1R6-S3 prior to 16.1R6-S6; 16.1 versions above and including 16.1R7 prior to 16.1R7-S2; 16.2 versions above and including 16.2R1-S6; 16.2 versions above and including 16.2R2-S5 prior to 16.2R2-S7; 17.1R1-S7; 17.1 versions above and including 17.1R2-S7 prior to 17.1R2-S9; 17.2R1-S6; 17.2 versions above and including 17.2R2-S4 prior to 17.2R2-S6; 17.2X75 versions above and including 17.2X75-D100 prior to X17.2X75-D101, 17.2X75-D110; 17.3 versions above and including 17.3R1-S4 on All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 17.3 versions above and including 17.3R2-S2 prior to 17.3R2-S4 on All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 17.3R3 on All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 17.4 versions above and including 17.4R1-S3 prior to 17.4R1-S5 on All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 17.4R2 on All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 18.1 versions above and including 18.1R2 prior to 18.1R2-S3, 18.1R3 on All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 18.2 versions above and including 18.2R1 prior to 18.2R1-S2, 18.2R1-S3, 18.2R2 on All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 18.2X75 versions above and including 18.2X75-D5 prior to 18.2X75-D20.

Affected configurations

NVD
Node
junipersrx100Match-
OR
junipersrx110Match-
OR
junipersrx1400Match-
OR
junipersrx1500Match-
OR
junipersrx210Match-
OR
junipersrx220Match-
OR
junipersrx240Match-
OR
junipersrx240h2Match-
OR
junipersrx300Match-
OR
junipersrx320Match-
OR
junipersrx340Match-
OR
junipersrx3400Match-
OR
junipersrx345Match-
OR
junipersrx3600Match-
OR
junipersrx380Match-
OR
junipersrx4000Match-
OR
junipersrx4100Match-
OR
junipersrx4200Match-
OR
junipersrx4600Match-
OR
junipersrx5000Match-
OR
junipersrx5400Match-
OR
junipersrx550Match-
OR
junipersrx550_hmMatch-
OR
junipersrx550mMatch-
OR
junipersrx5600Match-
OR
junipersrx5800Match-
OR
junipersrx650Match-
AND
juniperjunosMatch12.1x46d76
OR
juniperjunosMatch12.1x46d77
OR
juniperjunosMatch12.3x48d66
OR
juniperjunosMatch12.3x48d70
Node
juniperjunosMatch12.3r12-s10
OR
juniperjunosMatch15.1f6-s10
OR
juniperjunosMatch15.1f6-s12
OR
juniperjunosMatch15.1f7
OR
juniperjunosMatch15.1r
OR
juniperjunosMatch15.1r1
OR
juniperjunosMatch15.1r2
OR
juniperjunosMatch15.1r3
OR
juniperjunosMatch15.1r4
OR
juniperjunosMatch15.1r4-s7
OR
juniperjunosMatch15.1r4-s8
OR
juniperjunosMatch15.1r4-s9
OR
juniperjunosMatch15.1r5
OR
juniperjunosMatch15.1r5-s1
OR
juniperjunosMatch15.1r5-s3
OR
juniperjunosMatch15.1r5-s5
OR
juniperjunosMatch15.1r5-s6
OR
juniperjunosMatch15.1r6
OR
juniperjunosMatch15.1r6-s1
OR
juniperjunosMatch15.1r6-s2
OR
juniperjunosMatch15.1r6-s3
OR
juniperjunosMatch15.1r6-s4
OR
juniperjunosMatch15.1r6-s6
OR
juniperjunosMatch15.1r7
OR
juniperjunosMatch15.1r7-s1
OR
juniperjunosMatch16.1r3-s8
OR
juniperjunosMatch16.1r4
OR
juniperjunosMatch16.1r4-s2
OR
juniperjunosMatch16.1r4-s3
OR
juniperjunosMatch16.1r4-s4
OR
juniperjunosMatch16.1r4-s6
OR
juniperjunosMatch16.1r4-s8
OR
juniperjunosMatch16.1r4-s9
OR
juniperjunosMatch16.1r5-s4
OR
juniperjunosMatch16.1r6
OR
juniperjunosMatch16.1r6-s1
OR
juniperjunosMatch16.1r6-s3
OR
juniperjunosMatch16.1r6-s4
OR
juniperjunosMatch16.1r7
OR
juniperjunosMatch16.2r1-s6
OR
juniperjunosMatch16.2r2
OR
juniperjunosMatch16.2r2-s1
OR
juniperjunosMatch16.2r2-s10
OR
juniperjunosMatch16.2r2-s2
OR
juniperjunosMatch16.2r2-s5
OR
juniperjunosMatch16.2r2-s6
OR
juniperjunosMatch17.1r1-s7
OR
juniperjunosMatch17.1r2-s7
OR
juniperjunosMatch17.1r2-s8
OR
juniperjunosMatch17.2r1-s6
OR
juniperjunosMatch17.2r2-s4
OR
juniperjunosMatch17.2x75d100
OR
juniperjunosMatch18.2x75d12
OR
juniperjunosMatch18.2x75d5
Node
juniperex2200Match-
OR
juniperex2200-vcMatch-
OR
juniperex3200Match-
OR
juniperex3300Match-
OR
juniperex3300-vcMatch-
OR
juniperex4200Match-
OR
juniperex4300Match-
OR
juniperex4550Match-
OR
juniperex4550-vcMatch-
OR
juniperex4600Match-
OR
juniperex6200Match-
OR
juniperex8200Match-
OR
juniperex8200-vcMatch-
OR
juniperqfx3500Match-
OR
juniperqfx3600Match-
OR
juniperqfx5100Match-
AND
juniperjunosMatch14.1x53d47
Node
junipersrx100Match-
OR
junipersrx110Match-
OR
junipersrx1500Match-
OR
junipersrx210Match-
OR
junipersrx220Match-
OR
junipersrx240mMatch-
OR
junipersrx300Match-
OR
junipersrx320Match-
OR
junipersrx340Match-
OR
junipersrx345Match-
OR
junipersrx4100Match-
OR
junipersrx4200Match-
OR
junipersrx4600Match-
OR
junipersrx550mMatch-
OR
junipersrx650Match-
AND
juniperjunosMatch15.1x49d131
OR
juniperjunosMatch15.1x49d140
OR
juniperjunosMatch17.3r1-s4
OR
juniperjunosMatch17.3r2
OR
juniperjunosMatch17.3r2-s1
OR
juniperjunosMatch17.3r2-s2
OR
juniperjunosMatch17.3r2-s3
OR
juniperjunosMatch17.3r3
OR
juniperjunosMatch17.4r1-s3
OR
juniperjunosMatch17.4r1-s4
OR
juniperjunosMatch17.4r2
OR
juniperjunosMatch18.1r2
OR
juniperjunosMatch18.1r2-s1
OR
juniperjunosMatch18.1r2-s2
OR
juniperjunosMatch18.2r1
Node
juniperqfx5110Match-
OR
juniperqfx5200Match-
AND
juniperjunosMatch15.1x53d233
OR
juniperjunosMatch15.1x53d234
Node
junipernfx150Match-
OR
junipernfx250Match-
AND
juniperjunosMatch15.1x53d471
OR
juniperjunosMatch15.1x53d490
OR
juniperjunosMatch15.1x53d495
Node
juniperqfx10000Match-
OR
juniperqfx10002Match-
OR
juniperqfx10002-32qMatch-
OR
juniperqfx10002-60cMatch-
OR
juniperqfx10002-72qMatch-
OR
juniperqfx10008Match-
OR
juniperqfx10016Match-
AND
juniperjunosMatch15.1x53d67
Node
juniperex2300Match-
OR
juniperex3400Match-
AND
juniperjunosMatch15.1x53d59

CNA Affected

[
  {
    "platforms": [
      "SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX"
    ],
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "changes": [
          {
            "at": "12.1X46-D81",
            "status": "unaffected"
          }
        ],
        "lessThan": "12.1X46*",
        "status": "affected",
        "version": "12.1X46-D76",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "12.3X48-D75",
            "status": "unaffected"
          }
        ],
        "lessThan": "12.3X48*",
        "status": "affected",
        "version": "12.3X48-D66",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "15.1X49-D150",
            "status": "unaffected"
          }
        ],
        "lessThan": "15.1X49*",
        "status": "affected",
        "version": "15.1X49-D131",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "status": "affected",
        "version": "12.3R12-S10"
      },
      {
        "status": "affected",
        "version": "15.1R4-S9"
      },
      {
        "status": "affected",
        "version": "15.1R6-S6"
      },
      {
        "status": "affected",
        "version": "17.1R1-S7"
      },
      {
        "status": "affected",
        "version": "17.2R1-S6"
      },
      {
        "changes": [
          {
            "at": "15.1R7",
            "status": "affected"
          },
          {
            "at": "15.1R7-S2",
            "status": "unaffected"
          }
        ],
        "lessThan": "15.1*",
        "status": "affected",
        "version": "15.1F6-S10",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "16.1R4-S9",
            "status": "affected"
          },
          {
            "at": "16.1R4-S12",
            "status": "unaffected"
          },
          {
            "at": "16.1R5-S4",
            "status": "affected"
          },
          {
            "at": "16.1R6-S3",
            "status": "affected"
          },
          {
            "at": "16.1R6-S6",
            "status": "unaffected"
          },
          {
            "at": "16.1R7",
            "status": "affected"
          },
          {
            "at": "16.1R7-S2",
            "status": "unaffected"
          }
        ],
        "lessThan": "16.1*",
        "status": "affected",
        "version": "16.1R3-S8",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "16.2R2-S5",
            "status": "affected"
          },
          {
            "at": "16.2R2-S7",
            "status": "unaffected"
          }
        ],
        "lessThan": "16.2*",
        "status": "affected",
        "version": "16.2R1-S6",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "17.1R2-S9",
            "status": "unaffected"
          }
        ],
        "lessThan": "17.1*",
        "status": "affected",
        "version": "17.1R2-S7",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "17.2R2-S6",
            "status": "unaffected"
          }
        ],
        "lessThan": "17.2*",
        "status": "affected",
        "version": "17.2R2-S4",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "17.2X75-D101, 17.2X75-D110",
            "status": "unaffected"
          }
        ],
        "lessThan": "17.2X75*",
        "status": "affected",
        "version": "17.2X75-D100",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "18.2X75-D20",
            "status": "unaffected"
          }
        ],
        "lessThan": "18.2X75*",
        "status": "affected",
        "version": "18.2X75-D5",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100"
    ],
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "status": "affected",
        "version": "14.1X53-D47"
      }
    ]
  },
  {
    "platforms": [
      "QFabric System"
    ],
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "changes": [
          {
            "at": "14.1X53-D130",
            "status": "unaffected"
          }
        ],
        "lessThan": "14.1X53*",
        "status": "affected",
        "version": "14.1X53-D115",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "QFX5200/QFX5110"
    ],
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "changes": [
          {
            "at": "15.1X53-D235",
            "status": "unaffected"
          }
        ],
        "lessThan": "15.1X53*",
        "status": "affected",
        "version": "15.1X53-D233",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "NFX150, NFX250"
    ],
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "changes": [
          {
            "at": "15.1X53-D590",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "15.1X53-D471",
        "status": "affected",
        "version": "15.1X53",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "QFX10000 Series"
    ],
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "status": "affected",
        "version": "15.1X53-D67"
      }
    ]
  },
  {
    "platforms": [
      "EX2300/EX3400"
    ],
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "status": "affected",
        "version": "15.1X53-D59"
      }
    ]
  },
  {
    "platforms": [
      "All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX"
    ],
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "status": "affected",
        "version": "17.3R3"
      },
      {
        "status": "affected",
        "version": "17.4R2"
      },
      {
        "changes": [
          {
            "at": "17.3R2-S2",
            "status": "affected"
          },
          {
            "at": "17.3R2-S4",
            "status": "unaffected"
          }
        ],
        "lessThan": "17.3*",
        "status": "affected",
        "version": "17.3R1-S4",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "17.4R1-S5",
            "status": "unaffected"
          }
        ],
        "lessThan": "17.4*",
        "status": "affected",
        "version": "17.4R1-S3",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "18.1R2-S3, 18.1R3",
            "status": "unaffected"
          }
        ],
        "lessThan": "18.1*",
        "status": "affected",
        "version": "18.1R2",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "18.2R1-S2, 18.2R1-S3, 18.2R2",
            "status": "unaffected"
          }
        ],
        "lessThan": "18.2*",
        "status": "affected",
        "version": "18.2R1",
        "versionType": "custom"
      }
    ]
  }
]

Social References

More

Related

cvelist 1
prion 1
nvd 1
cvelist
cvelist
CVE-2018-0049 Junos OS: Receipt of a specifically crafted malicious MPLS packet leads to a Junos kernel crash.
2018-10-10 00:00:00
prion
prion
Null pointer dereference
2018-10-10 18:29:00
nvd
nvd
CVE-2018-0049
2018-10-10 18:29:02

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.1 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

0.022 Low

EPSS

Percentile

89.3%

JSON
Related for CVE-2018-0049
cvelist1prion1nvd1