CVE-2018-0051

Published: 10/10/2018 | Updated: 09/10/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

A Denial of Service vulnerability in the SIP application layer gateway (ALG) component of Junos OS based platforms allows a malicious user to crash the MS-PIC, MS-MIC, MS-MPC, MS-DPC or SRX flow daemon (flowd) process. This issue affects Junos OS devices with a NAT or stateful firewall configuration in combination with the SIP ALG enabled. SIP ALG is enabled by default on SRX Series devices except for SRX-HE devices. SRX-HE devices have SIP ALG disabled by default. The status of ALGs on an SRX device can be obtained by executing the command:

show security alg status

Affected releases are Juniper Networks Junos OS: 12.1X46 versions before 12.1X46-D77; 12.3X48 versions before 12.3X48-D70; 15.1X49 versions before 15.1X49-D140; 15.1 versions before 15.1R4-S9, 15.1R7-S1; 15.1F6; 16.1 versions before 16.1R4-S9, 16.1R6-S1, 16.1R7; 16.2 versions before 16.2R2-S7, 16.2R3; 17.1 versions before 17.1R2-S7, 17.1R3; 17.2 versions before 17.2R1-S6, 17.2R2-S4, 17.2R3; 17.3 versions before 17.3R1-S5, 17.3R2-S2, 17.3R3; 17.4 versions before 17.4R2. No other Juniper Networks products or platforms are affected by this issue.

Vulnerable Product

juniper junos 12.1x46

juniper junos 12.3x48

juniper junos 15.1x49

juniper junos 15.1

juniper junos 16.1

juniper junos 16.2

juniper junos 17.1

juniper junos 17.2

juniper junos 17.3

juniper junos 17.4

Recent Articles

Now, watch this... Network time protocol bugs sting Juniper operating system
The Register • Richard Chirgwin • 11 Oct 2018

Oh, and there are 21 other vulns to patch

It's time for Juniper Networks' semi-regular bugfest, with 22 fixes announced today, two of which carry a “critical” rating and should be applied immediately. The company's software defined networking-supported NFX Series CPE, if running Junos OS version 18.1, had an insecure default setting in the Juniper Device Manager: CVE-2018-0044 allowed SSH access with an empty password. If you can't upgrade to version 18.1R4 or 18.2R1 or later, double-check that all accounts have strong passwords. Th...