CVE-2018-0043

Published: 10/10/2018 Updated: 21/06/2021
CVSS v2 Base Score: 5.8 | Impact Score: 6.4 | Exploitability Score: 6.5
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 516
Vector: AV:A/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Receipt of a specific MPLS packet may cause the routing protocol daemon (RPD) process to crash and restart or may lead to remote code execution. By continuously sending specific MPLS packets, an attacker can repeatedly crash the RPD process causing a sustained Denial of Service. This issue affects both IPv4 and IPv6. This issue can only be exploited from within the MPLS domain. End-users connected to the CE device cannot cause this crash.

Affected releases are Juniper Networks Junos OS:

- 12.1X46 versions before 12.1X46-D77 on SRX Series
- 12.3 versions before 12.3R12-S10
- 12.3X48 versions before 12.3X48-D75 on SRX Series
- 14.1X53 versions before 14.1X53-D47 on QFX/EX Series
- 14.1X53 versions before 14.1X53-D130 on QFabric Series
- 15.1F6 versions before 15.1F6-S10
- 15.1 versions before 15.1R4-S9, 15.1R7
- 15.1X49 versions before 15.1X49-D140 on SRX Series
- 15.1X53 versions before 15.1X53-D59 on EX2300/EX3400 Series
- 15.1X53 versions before 15.1X53-D67 on QFX10K Series
- 15.1X53 versions before 15.1X53-D233 on QFX5200/QFX5110 Series
- 15.1X53 versions before 15.1X53-D471, 15.1X53-D490 on NFX Series
- 16.1 versions before 16.1R3-S8, 16.1R4-S8, 16.1R5-S4, 16.1R6-S4, 16.1R7
- 16.1X65 versions before 16.1X65-D48
- 16.2 versions before 16.2R1-S6, 16.2R3
- 17.1 versions before 17.1R1-S7, 17.1R2-S6, 17.1R3
- 17.2 versions before 17.2R1-S6, 17.2R2-S3, 17.2R3
- 17.2X75 versions before 17.2X75-D100, 17.2X75-D42, 17.2X75-D91
- 17.3 versions before 17.3R1-S4, 17.3R2-S2, 17.3R3
- 17.4 versions before 17.4R1-S3, 17.4R2

No other Juniper Networks products or platforms are affected by this issue.

Vulnerable Product

juniper junos 12.1x46

juniper junos 12.3

juniper junos 12.3x48

juniper junos 14.1x53

juniper junos 15.1

juniper junos 15.1x49

juniper junos 15.1x53

juniper junos 16.1

juniper junos 16.1x65

juniper junos 16.2

juniper junos 17.1

juniper junos 17.2x75

juniper junos 17.3

juniper junos 17.4

Recent Articles

Now, watch this... Network time protocol bugs sting Juniper operating system
The Register • Richard Chirgwin • 11 Oct 2018

Oh, and there are 21 other vulns to patch

It's time for Juniper Networks' semi-regular bugfest, with 22 fixes announced today, two of which carry a “critical” rating and should be applied immediately. The company's software defined networking-supported NFX Series CPE, if running Junos OS version 18.1, had an insecure default setting in the Juniper Device Manager: CVE-2018-0044 allowed SSH access with an empty password. If you can't upgrade to version 18.1R4 or 18.2R1 or later, double-check that all accounts have strong passwords. Th...