Published: 10/10/2018 Updated: 09/10/2019

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

A vulnerability in the Routing Protocols Daemon (RPD) with Juniper Extension Toolkit (JET) support can allow a network based unauthenticated malicious user to cause a severe memory exhaustion condition on the device. This can have an adverse impact on the system performance and availability. This issue only affects devices with JET support running Junos OS 17.2R1 and subsequent releases. Other versions of Junos OS are unaffected by this vulnerability. Affected releases are Juniper Networks Junos OS: 17.2 versions before 17.2R1-S7, 17.2R2-S6, 17.2R3; 17.2X75 versions before 17.2X75-D102, 17.2X75-D110; 17.3 versions before 17.3R2-S4, 17.3R3; 17.4 versions before 17.4R1-S5, 17.4R2; 18.1 versions before 18.1R2-S3, 18.1R3;

Vulnerable Product	Search on Vulmon	Subscribe to Product
juniper junos 17.2
juniper junos 17.2x75
juniper junos 17.3
juniper junos 17.4
juniper junos 18.1

Now, watch this... Network time protocol bugs sting Juniper operating system

The Register • Richard Chirgwin • 11 Oct 2018

Oh, and there are 21 other vulns to patch Juniper pours a shot of its data centre juice into campus networks

It's time for Juniper Networks' semi-regular bugfest, with 22 fixes announced today, two of which carry a “critical” rating and should be applied immediately. The company's software defined networking-supported NFX Series CPE, if running Junos OS version 18.1, had an insecure default setting in the Juniper Device Manager: CVE-2018-0044 allowed SSH access with an empty password. If you can't upgrade to version 18.1R4 or 18.2R1 or later, double-check that all accounts have strong passwords. Th...

CVE-2018-0048

Vulnerability Summary

Vulnerability Trend

Recent Articles

References

Vulmon Search

About

Products

Connect