CVE-2018-0029

Published: Jul 11, 2018Modified: Nov 21, 2024

6.5

Vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

While experiencing a broadcast storm, placing the fxp0 interface into promiscuous mode via the 'monitor traffic interface fxp0' can cause the system to crash and restart (vmcore). This issue only affects Junos OS 15.1 and later releases, and affects both single core and multi-core REs. Releases prior to Junos OS 15.1 are unaffected by this vulnerability. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1F6-S11, 15.1R4-S9, 15.1R6-S6, 15.1R7; 15.1X49 versions prior to 15.1X49-D140; 15.1X53 versions prior to 15.1X53-D59 on EX2300/EX3400; 15.1X53 versions prior to 15.1X53-D67 on QFX10K; 15.1X53 versions prior to 15.1X53-D233 on QFX5200/QFX5110; 15.1X53 versions prior to 15.1X53-D471, 15.1X53-D490 on NFX; 16.1 versions prior to 16.1R3-S8, 16.1R5-S4, 16.1R6-S1, 16.1R7; 16.2 versions prior to 16.2R1-S6, 16.2R2-S5, 16.2R3; 17.1 versions prior to 17.1R1-S7, 17.1R2-S7, 17.1R3; 17.2 versions prior to 17.2R1-S6, 17.2R2-S4, 17.2R3; 17.2X75 versions prior to 17.2X75-D90, 17.2X75-D110; 17.3 versions prior to 17.3R1-S4, 17.3R2; 17.4 versions prior to 17.4R1-S3, 17.4R2.

Affected (91)

Products: Juniper: Junos

Juniper

1 product

Junos

Configuration A

15 vulnerable

Vulnerable Software	Affected Versions
Juniper Junos	Version 15.1
Juniper Junos	Version 15.1 a1
Juniper Junos	Version 15.1 f1
Juniper Junos	Version 15.1 f2-s1
Juniper Junos	Version 15.1 f2-s2
Juniper Junos	Version 15.1 f2-s3
Juniper Junos	Version 15.1 f2-s4
Juniper Junos	Version 15.1 f2
Juniper Junos	Version 15.1 f3
Juniper Junos	Version 15.1 f4
Juniper Junos	Version 15.1 f5
Juniper Junos	Version 15.1 f6
Juniper Junos	Version 15.1 r4-s9
Juniper Junos	Version 15.1 r6-s6
Juniper Junos	Version 15.1 r7

Configuration B

19 vulnerable

Vulnerable Software	Affected Versions
Juniper Junos	Version 15.1x49
Juniper Junos	Version 15.1x49 d100
Juniper Junos	Version 15.1x49 d10
Juniper Junos	Version 15.1x49 d110
Juniper Junos	Version 15.1x49 d120
Juniper Junos	Version 15.1x49 d130
Juniper Junos	Version 15.1x49 d20
Juniper Junos	Version 15.1x49 d30
Juniper Junos	Version 15.1x49 d35
Juniper Junos	Version 15.1x49 d40
Juniper Junos	Version 15.1x49 d45
Juniper Junos	Version 15.1x49 d50
Juniper Junos	Version 15.1x49 d55
Juniper Junos	Version 15.1x49 d60
Juniper Junos	Version 15.1x49 d65
Juniper Junos	Version 15.1x49 d70
Juniper Junos	Version 15.1x49 d75
Juniper Junos	Version 15.1x49 d80
Juniper Junos	Version 15.1x49 d90

Configuration C

2 platform

Running on/with	Platform Versions
Juniper Ex2300	All versions
Juniper Ex3400	All versions

Configuration D

2 platform

Running on/with	Platform Versions
Juniper Qfx5110	All versions
Juniper Qfx5200	All versions

Configuration E

28 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Juniper Junos	Version 15.1x53
Juniper Junos	Version 15.1x53 d20
Juniper Junos	Version 15.1x53 d210
Juniper Junos	Version 15.1x53 d21
Juniper Junos	Version 15.1x53 d230
Juniper Junos	Version 15.1x53 d231
Juniper Junos	Version 15.1x53 d232
Juniper Junos	Version 15.1x53 d25
Juniper Junos	Version 15.1x53 d30
Juniper Junos	Version 15.1x53 d32
Juniper Junos	Version 15.1x53 d33
Juniper Junos	Version 15.1x53 d34
Juniper Junos	Version 15.1x53 d40
Juniper Junos	Version 15.1x53 d45
Juniper Junos	Version 15.1x53 d50
Juniper Junos	Version 15.1x53 d51
Juniper Junos	Version 15.1x53 d52
Juniper Junos	Version 15.1x53 d55
Juniper Junos	Version 15.1x53 d56
Juniper Junos	Version 15.1x53 d57
Juniper Junos	Version 15.1x53 d58
Juniper Junos	Version 15.1x53 d60
Juniper Junos	Version 15.1x53 d61
Juniper Junos	Version 15.1x53 d62
Juniper Junos	Version 15.1x53 d63
Juniper Junos	Version 15.1x53 d64
Juniper Junos	Version 15.1x53 d65
Juniper Junos	Version 15.1x53 d66

Running on/with	Platform Versions
Juniper Nfx250	All versions

Configuration F

7 vulnerable

Vulnerable Software	Affected Versions
Juniper Junos	Version 16.1
Juniper Junos	Version 16.1 r1
Juniper Junos	Version 16.1 r2
Juniper Junos	Version 16.1 r3
Juniper Junos	Version 16.1 r5-s4
Juniper Junos	Version 16.1 r6-s1
Juniper Junos	Version 16.1 r7

Configuration G

4 vulnerable

Vulnerable Software	Affected Versions
Juniper Junos	Version 16.2
Juniper Junos	Version 16.2 r1
Juniper Junos	Version 16.2 r2-s5
Juniper Junos	Version 16.2 r3

Configuration H

5 vulnerable

Vulnerable Software	Affected Versions
Juniper Junos	Version 17.1
Juniper Junos	Version 17.1 r1
Juniper Junos	Version 17.1 r2-s7
Juniper Junos	Version 17.1 r2
Juniper Junos	Version 17.1 r3

Configuration I

2 vulnerable

Vulnerable Software	Affected Versions
Juniper Junos	Version 17.2x75
Juniper Junos	Version 17.2x75 d110

Configuration J

3 vulnerable

Vulnerable Software	Affected Versions
Juniper Junos	Version 17.3
Juniper Junos	Version 17.3 r1
Juniper Junos	Version 17.3 r2

Configuration K

3 vulnerable

Vulnerable Software	Affected Versions
Juniper Junos	Version 17.4
Juniper Junos	Version 17.4 r1
Juniper Junos	Version 17.4 r2

Configuration L

5 vulnerable

Vulnerable Software	Affected Versions
Juniper Junos	Version 17.2
Juniper Junos	Version 17.2 r1
Juniper Junos	Version 17.2 r2-s4
Juniper Junos	Version 17.2 r2
Juniper Junos	Version 17.2 r3

Related CWEs

CWE-400

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (4)

http://www.securitytracker.com/id/1041319

Source: sirt@juniper.net

Third Party AdvisoryVDB Entry

https://kb.juniper.net/JSA10863

Source: sirt@juniper.net

MitigationVendor Advisory

http://www.securitytracker.com/id/1041319

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://kb.juniper.net/JSA10863

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationVendor Advisory

Timeline

No history available yet.