← Back

CVE-2018-0032

nvd nist
Published: Jul 11, 2018Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

The receipt of a crafted BGP UPDATE can lead to a routing process daemon (RPD) crash and restart. Repeated receipt of the same crafted BGP UPDATE can result in an extended denial of service condition for the device. This issue only affects the specific versions of Junos OS listed within this advisory. Earlier releases are unaffected by this vulnerability. This crafted BGP UPDATE does not propagate to other BGP peers. Affected releases are Juniper Networks Junos OS: 16.1X65 versions prior to 16.1X65-D47; 17.2X75 versions prior to 17.2X75-D91, 17.2X75-D110; 17.3 versions prior to 17.3R1-S4, 17.3R2; 17.4 versions prior to 17.4R1-S3, 17.4R2.

Affected (9)

Products: Juniper: Junos
Juniper
1 product
Junos
Configuration A
4 vulnerable
Vulnerable SoftwareAffected Versions
Juniper
Junos
Version 16.1x65
Junos
Version 16.1x65 d30
Junos
Version 16.1x65 d35
Junos
Version 16.1x65 d40
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Junos
Version 17.2x75
Configuration C
2 vulnerable
Vulnerable SoftwareAffected Versions
Juniper
Junos
Version 17.3
Junos
Version 17.3 r1
Configuration D
2 vulnerable
Vulnerable SoftwareAffected Versions
Juniper
Junos
Version 17.4
Junos
Version 17.4 r1

Related CWEs

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (4)

Source: sirt@juniper.net
Third Party AdvisoryVDB Entry
Source: sirt@juniper.net
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.