Vulnerability Name: | CVE-2018-0032 (CCN-146313) | ||||||||||||
Assigned: | 2017-11-16 | ||||||||||||
Published: | 2018-07-11 | ||||||||||||
Updated: | 2019-10-09 | ||||||||||||
Summary: | The receipt of a crafted BGP UPDATE can lead to a routing process daemon (RPD) crash and restart. Repeated receipt of the same crafted BGP UPDATE can result in an extended denial of service condition for the device. This issue only affects the specific versions of Junos OS listed within this advisory. Earlier releases are unaffected by this vulnerability. This crafted BGP UPDATE does not propagate to other BGP peers. Affected releases are Juniper Networks Junos OS: 16.1X65 versions prior to 16.1X65-D47; 17.2X75 versions prior to 17.2X75-D91, 17.2X75-D110; 17.3 versions prior to 17.3R1-S4, 17.3R2; 17.4 versions prior to 17.4R1-S3, 17.4R2. | ||||||||||||
CVSS v3 Severity: | 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) 6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
| ||||||||||||
CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
| ||||||||||||
Vulnerability Type: | CWE-20 | ||||||||||||
Vulnerability Consequences: | Denial of Service | ||||||||||||
References: | Source: MITRE Type: CNA CVE-2018-0032 Source: SECTRACK Type: Third Party Advisory, VDB Entry 1041337 Source: XF Type: UNKNOWN juniper-junos-cve20180032-dos(146313) Source: CCN Type: Juniper Networks Security Bulletin JSA10866 Junos OS: RPD crash when receiving a crafted BGP UPDATE (CVE-2018-0032) Source: CONFIRM Type: Vendor Advisory https://kb.juniper.net/JSA10866 | ||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration 3: Configuration 4: Configuration CCN 1: Denotes that component is vulnerable | ||||||||||||
BACK |