| Vulnerability Name: | CVE-2018-0017 (CCN-141504) | ||||||||||||
| Assigned: | 2017-11-16 | ||||||||||||
| Published: | 2018-04-11 | ||||||||||||
| Updated: | 2019-10-09 | ||||||||||||
| Summary: | A vulnerability in the Network Address Translation - Protocol Translation (NAT-PT) feature of Junos OS on SRX series devices may allow a certain valid IPv6 packet to crash the flowd daemon. Repeated crashes of the flowd daemon can result in an extended denial of service condition for the SRX device. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D72; 12.3X48 versions prior to 12.3X48-D55; 15.1X49 versions prior to 15.1X49-D90. | ||||||||||||
| CVSS v3 Severity: | 6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) 5.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 6.8 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C)
| ||||||||||||
| Vulnerability Type: | CWE-20 | ||||||||||||
| Vulnerability Consequences: | Denial of Service | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2018-0017 Source: BID Type: Third Party Advisory, VDB Entry 103749 Source: CCN Type: BID-103749 Juniper Junos CVE-2018-0017 Denial of Service Vulnerability Source: SECTRACK Type: Third Party Advisory, VDB Entry 1040785 Source: XF Type: UNKNOWN juniper-junos-cve20180017-dos(141504) Source: CCN Type: Juniper Networks Security Bulletin JSA10845 SRX Series: Denial of service vulnerability in flowd daemon on devices configured with NAT-PT (CVE-2018-0017) Source: CONFIRM Type: Vendor Advisory https://kb.juniper.net/JSA10845 | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||