Vulnerability Name: CVE-2018-0027 (CCN-146317)
Assigned: 2017-11-16
Published: 2018-07-11
Updated: 2019-10-09
Summary: Receipt of a crafted or malformed RSVP PATH message may cause the routing protocol daemon (RPD) to hang or crash. When RPD is unavailable, routing updates cannot be processed which can lead to an extended network outage. If RSVP is not enabled on an interface, then the issue cannot be triggered via that interface. This issue only affects Juniper Networks Junos OS 16.1 versions prior to 16.1R3. This issue does not affect Junos releases prior to 16.1R1.
CVSS v3 Severity:
  5.9 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
  5.2 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
  6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
Vulnerability Type: CWE-20
Vulnerability Consequences: Denial of Service
References:
  Source: MITRE Type: CNA CVE-2018-0027
  Source: BID Type: Third Party Advisory, VDB Entry 104721
  Source: CCN Type: BID-104721 Juniper Junos CVE-2018-0027 Denial of Service Vulnerability
  Source: SECTRACK Type: Third Party Advisory, VDB Entry 1041318
  Source: XF Type: UNKNOWN juniper-junos-cve20180027-dos(146317)
  Source: CCN Type: Juniper Networks Security Bulletin JSA10861 Junos OS: Receipt of malformed RSVP packet may lead to RPD denial of service (CVE-2018-0027)
  Source: CONFIRM Type: Mitigation, Vendor Advisory https://kb.juniper.net/JSA10861
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable