CVE-2018-0045

Published: Oct 10, 2018Modified: Nov 21, 2024

8.8

Vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Receipt of a specific Draft-Rosen MVPN control packet may cause the routing protocol daemon (RPD) process to crash and restart or may lead to remote code execution. By continuously sending the same specific Draft-Rosen MVPN control packet, an attacker can repeatedly crash the RPD process causing a prolonged denial of service. This issue may occur when the Junos OS device is configured for Draft-Rosen multicast virtual private network (MVPN). The VPN is multicast-enabled and configured to use Protocol Independent Multicast (PIM) protocol within the VPN. This issue can only be exploited from the PE device within the MPLS domain which is capable of forwarding IP multicast traffic in core. End-users connected to the CE device cannot cause this crash. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D77 on SRX Series; 12.3 versions prior to 12.3R12-S10; 12.3X48 versions prior to 12.3X48-D70 on SRX Series; 15.1 versions prior to 15.1R4-S9, 15.1R6-S6, 15.1R7; 15.1F6; 15.1X49 versions prior to 15.1X49-D140 on SRX Series; 15.1X53 versions prior to 15.1X53-D59 on EX2300/EX3400 Series; 15.1X53 versions prior to 15.1X53-D67 on QFX10K Series; 15.1X53 versions prior to 15.1X53-D233 on QFX5200/QFX5110 Series; 15.1X53 versions prior to 15.1X53-D471, 15.1X53-D490 on NFX Series; 16.1 versions prior to 16.1R4-S9, 16.1R5-S4, 16.1R6-S3, 16.1R7; 16.2 versions prior to 16.2R1-S6, 16.2R2-S6, 16.2R3; 17.1 versions prior to 17.1R1-S7, 17.1R2-S7, 17.1R3; 17.2 versions prior to 17.2R2-S4, 17.2R3; 17.3 versions prior to 17.3R2-S2, 17.3R3; 17.4 versions prior to 17.4R1-S3, 17.4R2; 18.1 versions prior to 18.1R2. No other Juniper Networks products or platforms are affected by this issue.

Affected (105)

Products: Juniper: Junos

Juniper

1 product

Junos

Configuration A

12 vulnerable

Vulnerable Software	Affected Versions
Juniper Junos	Version 12.1x46
Juniper Junos	Version 12.1x46 d10
Juniper Junos	Version 12.1x46 d15
Juniper Junos	Version 12.1x46 d20
Juniper Junos	Version 12.1x46 d25
Juniper Junos	Version 12.1x46 d30
Juniper Junos	Version 12.1x46 d35
Juniper Junos	Version 12.1x46 d40
Juniper Junos	Version 12.1x46 d45
Juniper Junos	Version 12.1x46 d50
Juniper Junos	Version 12.1x46 d55
Juniper Junos	Version 12.1x46 d60

Configuration B

11 vulnerable

Vulnerable Software	Affected Versions
Juniper Junos	Version 12.3
Juniper Junos	Version 12.3 r11
Juniper Junos	Version 12.3 r1
Juniper Junos	Version 12.3 r2
Juniper Junos	Version 12.3 r3
Juniper Junos	Version 12.3 r4
Juniper Junos	Version 12.3 r5
Juniper Junos	Version 12.3 r6
Juniper Junos	Version 12.3 r7
Juniper Junos	Version 12.3 r8
Juniper Junos	Version 12.3 r9

Configuration C

12 vulnerable

Vulnerable Software	Affected Versions
Juniper Junos	Version 12.3x48
Juniper Junos	Version 12.3x48 d10
Juniper Junos	Version 12.3x48 d15
Juniper Junos	Version 12.3x48 d25
Juniper Junos	Version 12.3x48 d30
Juniper Junos	Version 12.3x48 d35
Juniper Junos	Version 12.3x48 d40
Juniper Junos	Version 12.3x48 d45
Juniper Junos	Version 12.3x48 d50
Juniper Junos	Version 12.3x48 d55
Juniper Junos	Version 12.3x48 d60
Juniper Junos	Version 12.3x48 d65

Configuration D

7 vulnerable

Vulnerable Software	Affected Versions
Juniper Junos	Version 15.1
Juniper Junos	Version 15.1 f3
Juniper Junos	Version 15.1 f4
Juniper Junos	Version 15.1 f5
Juniper Junos	Version 15.1 r1
Juniper Junos	Version 15.1 r2
Juniper Junos	Version 15.1 r3

Configuration E

1 vulnerable

Vulnerable Software	Affected Versions
Juniper Junos	Version 15.1 f6

Configuration F

19 vulnerable · 15 platform

Vulnerable Software	Affected Versions
Juniper Junos	Version 15.1x49
Juniper Junos	Version 15.1x49 d100
Juniper Junos	Version 15.1x49 d10
Juniper Junos	Version 15.1x49 d110
Juniper Junos	Version 15.1x49 d120
Juniper Junos	Version 15.1x49 d130
Juniper Junos	Version 15.1x49 d20
Juniper Junos	Version 15.1x49 d30
Juniper Junos	Version 15.1x49 d35
Juniper Junos	Version 15.1x49 d40
Juniper Junos	Version 15.1x49 d45
Juniper Junos	Version 15.1x49 d50
Juniper Junos	Version 15.1x49 d55
Juniper Junos	Version 15.1x49 d60
Juniper Junos	Version 15.1x49 d65
Juniper Junos	Version 15.1x49 d70
Juniper Junos	Version 15.1x49 d75
Juniper Junos	Version 15.1x49 d80
Juniper Junos	Version 15.1x49 d90

Running on/with	Platform Versions
Juniper Srx100	All versions
Juniper Srx110	All versions
Juniper Srx1500	All versions
Juniper Srx210	All versions
Juniper Srx220	All versions
Juniper Srx240m	All versions
Juniper Srx300	All versions
Juniper Srx320	All versions
Juniper Srx340	All versions
Juniper Srx345	All versions
Juniper Srx4100	All versions
Juniper Srx4200	All versions
Juniper Srx4600	All versions
Juniper Srx550m	All versions
Juniper Srx650	All versions

Configuration G

6 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Juniper Junos	Version 15.1x53 d50
Juniper Junos	Version 15.1x53 d51
Juniper Junos	Version 15.1x53 d52
Juniper Junos	Version 15.1x53 d55
Juniper Junos	Version 15.1x53 d57
Juniper Junos	Version 15.1x53 d58

Running on/with	Platform Versions
Juniper Ex2300	All versions
Juniper Ex3400	All versions

Configuration H

1 platform

Running on/with	Platform Versions
Juniper Qfx10000	All versions

Configuration I

2 platform

Running on/with	Platform Versions
Juniper Qfx5110	All versions
Juniper Qfx5200	All versions

Configuration J

22 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Juniper Junos	Version 15.1x53
Juniper Junos	Version 15.1x53 d20
Juniper Junos	Version 15.1x53 d210
Juniper Junos	Version 15.1x53 d21
Juniper Junos	Version 15.1x53 d230
Juniper Junos	Version 15.1x53 d231
Juniper Junos	Version 15.1x53 d232
Juniper Junos	Version 15.1x53 d25
Juniper Junos	Version 15.1x53 d30
Juniper Junos	Version 15.1x53 d32
Juniper Junos	Version 15.1x53 d33
Juniper Junos	Version 15.1x53 d34
Juniper Junos	Version 15.1x53 d40
Juniper Junos	Version 15.1x53 d45
Juniper Junos	Version 15.1x53 d490
Juniper Junos	Version 15.1x53 d60
Juniper Junos	Version 15.1x53 d61
Juniper Junos	Version 15.1x53 d62
Juniper Junos	Version 15.1x53 d63
Juniper Junos	Version 15.1x53 d64
Juniper Junos	Version 15.1x53 d65
Juniper Junos	Version 15.1x53 d66

Running on/with	Platform Versions
Juniper Nfx150	All versions
Juniper Nfx250	All versions

Configuration K

4 vulnerable

Vulnerable Software	Affected Versions
Juniper Junos	Version 16.1
Juniper Junos	Version 16.1 r1
Juniper Junos	Version 16.1 r2
Juniper Junos	Version 16.1 r3

Configuration L

2 vulnerable

Vulnerable Software	Affected Versions
Juniper Junos	Version 16.2
Juniper Junos	Version 16.2 r1

Configuration M

1 vulnerable

Vulnerable Software	Affected Versions
Juniper Junos	Version 17.1

Configuration N

3 vulnerable

Vulnerable Software	Affected Versions
Juniper Junos	Version 17.2
Juniper Junos	Version 17.2 r1
Juniper Junos	Version 17.2 r2

Configuration O

2 vulnerable

Vulnerable Software	Affected Versions
Juniper Junos	Version 17.3
Juniper Junos	Version 17.3 r1

Configuration P

1 vulnerable

Vulnerable Software	Affected Versions
Juniper Junos	Version 17.4

Configuration Q

2 vulnerable

Vulnerable Software	Affected Versions
Juniper Junos	Version 18.1
Juniper Junos	Version 18.1 r1

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (4)

http://www.securitytracker.com/id/1041848

Source: sirt@juniper.net

Third Party AdvisoryVDB Entry

https://kb.juniper.net/JSA10879

Source: sirt@juniper.net

Vendor Advisory

http://www.securitytracker.com/id/1041848

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://kb.juniper.net/JSA10879

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.