Lucene search

JuniperCVE-2018-0050

HistoryOct 10, 2018 - 6:29 p.m.

CVE-2018-0050

2018-10-1018:29:02

CWE-20

juniper

web.nvd.nist.gov

juniper networks

junos os

rpd

cve-2018-0050

vulnerability

dos

mpls rsvp

routing protocols daemon

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

5.6

Confidence

High

EPSS

0.002

Percentile

65.1%

JSON

An error handling vulnerability in Routing Protocols Daemon (RPD) of Juniper Networks Junos OS allows an attacker to cause RPD to crash. Continued receipt of this malformed MPLS RSVP packet will cause a sustained Denial of Service condition. Affected releases are Juniper Networks Junos OS: 14.1 versions prior to 14.1R8-S5, 14.1R9; 14.1X53 versions prior to 14.1X53-D48 on QFX Switching; 14.2 versions prior to 14.1X53-D130 on QFabric System; 14.2 versions prior to 14.2R4. This issue does not affect versions of Junos OS before 14.1R1. Junos OS RSVP only supports IPv4. IPv6 is not affected by this issue. This issue require it to be received on an interface configured to receive this type of traffic.

Affected configurations

Nvd

Node

juniperjunosMatch14.1

juniperjunosMatch14.1r1

juniperjunosMatch14.1r2

juniperjunosMatch14.1r3

juniperjunosMatch14.1r4

juniperjunosMatch14.1r5

juniperjunosMatch14.1r6

juniperjunosMatch14.1r7

juniperjunosMatch14.1r9

Node

juniperjunosMatch14.1x53

juniperjunosMatch14.1x53d10

juniperjunosMatch14.1x53d121

juniperjunosMatch14.1x53d15

juniperjunosMatch14.1x53d16

juniperjunosMatch14.1x53d25

juniperjunosMatch14.1x53d26

juniperjunosMatch14.1x53d27

juniperjunosMatch14.1x53d30

juniperjunosMatch14.1x53d35

juniperjunosMatch14.1x53d40

juniperjunosMatch14.1x53d42

juniperjunosMatch14.1x53d43

juniperjunosMatch14.1x53d44

juniperjunosMatch14.1x53d45

juniperjunosMatch14.1x53d46

juniperjunosMatch14.1x53d47

Node

juniperjunosMatch14.1x53

juniperjunosMatch14.1x53d10

juniperjunosMatch14.1x53d121

juniperjunosMatch14.1x53d15

juniperjunosMatch14.1x53d16

juniperjunosMatch14.1x53d25

juniperjunosMatch14.1x53d26

juniperjunosMatch14.1x53d27

juniperjunosMatch14.1x53d30

juniperjunosMatch14.1x53d35

juniperjunosMatch14.1x53d40

juniperjunosMatch14.1x53d42

juniperjunosMatch14.1x53d43

juniperjunosMatch14.1x53d44

juniperjunosMatch14.1x53d45

juniperjunosMatch14.1x53d46

juniperjunosMatch14.1x53d47

juniperjunosMatch14.1x53d48

juniperjunosMatch14.2

Node

juniperjunosMatch14.2

juniperjunosMatch14.2r1

juniperjunosMatch14.2r2

juniperjunosMatch14.2r3

VendorProductVersionCPE
juniperjunos14.1cpe:2.3:o:juniper:junos:14.1:*:*:*:*:*:*:*
juniperjunos14.1cpe:2.3:o:juniper:junos:14.1:r1:*:*:*:*:*:*
juniperjunos14.1cpe:2.3:o:juniper:junos:14.1:r2:*:*:*:*:*:*
juniperjunos14.1cpe:2.3:o:juniper:junos:14.1:r3:*:*:*:*:*:*
juniperjunos14.1cpe:2.3:o:juniper:junos:14.1:r4:*:*:*:*:*:*
juniperjunos14.1cpe:2.3:o:juniper:junos:14.1:r5:*:*:*:*:*:*
juniperjunos14.1cpe:2.3:o:juniper:junos:14.1:r6:*:*:*:*:*:*
juniperjunos14.1cpe:2.3:o:juniper:junos:14.1:r7:*:*:*:*:*:*
juniperjunos14.1cpe:2.3:o:juniper:junos:14.1:r9:*:*:*:*:*:*
juniperjunos14.1x53cpe:2.3:o:juniper:junos:14.1x53:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
juniper	junos	14.1	cpe:2.3:o:juniper:junos:14.1:::::::*
juniper	junos	14.1	cpe:2.3:o:juniper:junos:14.1:r1::::::
juniper	junos	14.1	cpe:2.3:o:juniper:junos:14.1:r2::::::
juniper	junos	14.1	cpe:2.3:o:juniper:junos:14.1:r3::::::
juniper	junos	14.1	cpe:2.3:o:juniper:junos:14.1:r4::::::
juniper	junos	14.1	cpe:2.3:o:juniper:junos:14.1:r5::::::
juniper	junos	14.1	cpe:2.3:o:juniper:junos:14.1:r6::::::
juniper	junos	14.1	cpe:2.3:o:juniper:junos:14.1:r7::::::
juniper	junos	14.1	cpe:2.3:o:juniper:junos:14.1:r9::::::
juniper	junos	14.1x53	cpe:2.3:o:juniper:junos:14.1x53:::::::*

Rows per page:

1-10 of 311

CNA Affected

[
  {
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "14.1R8-S5, 14.1R9",
        "status": "affected",
        "version": "14.1",
        "versionType": "custom"
      },
      {
        "lessThan": "14.2R4",
        "status": "affected",
        "version": "14.2",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "QFX Switching"
    ],
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "14.1X53-D48",
        "status": "affected",
        "version": "14.1X53",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "QFabric System"
    ],
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "14.1X53-D130",
        "status": "affected",
        "version": "14.2",
        "versionType": "custom"
      }
    ]
  }
]

References

www.securityfocus.com/bid/106206

www.securitytracker.com/id/1041851

kb.juniper.net/JSA10884

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

5.6

Confidence

High

EPSS

0.002

Percentile

65.1%

JSON

Related for CVE-2018-0050