Lucene search

JuniperCVELIST:CVE-2018-0002

HistoryJan 10, 2018 - 12:00 a.m.

CVE-2018-0002 MX series, SRX series: Junos OS: Denial of service vulnerability in Flowd on devices with ALG enabled.

2018-01-1000:00:00

juniper

www.cve.org

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.6%

JSON

On SRX Series and MX Series devices with a Service PIC with any ALG enabled, a crafted TCP/IP response packet processed through the device results in memory corruption leading to a flowd daemon crash. Sustained crafted response packets lead to repeated crashes of the flowd daemon which results in an extended Denial of Service condition. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D60 on SRX series; 12.3X48 versions prior to 12.3X48-D35 on SRX series; 14.1 versions prior to 14.1R9 on MX series; 14.2 versions prior to 14.2R8 on MX series; 15.1X49 versions prior to 15.1X49-D60 on SRX series; 15.1 versions prior to 15.1R5-S8, 15.1F6-S9, 15.1R6-S4, 15.1R7 on MX series; 16.1 versions prior to 16.1R6 on MX series; 16.2 versions prior to 16.2R3 on MX series; 17.1 versions prior to 17.1R2-S4, 17.1R3 on MX series. No other Juniper Networks products or platforms are affected by this issue.

CNA Affected

[
  {
    "platforms": [
      "SRX series"
    ],
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "12.1X46-D60",
        "status": "affected",
        "version": "12.1X46",
        "versionType": "custom"
      },
      {
        "lessThan": "12.3X48-D35",
        "status": "affected",
        "version": "12.3X48",
        "versionType": "custom"
      },
      {
        "lessThan": "15.1X49-D60",
        "status": "affected",
        "version": "15.1X49",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "MX series"
    ],
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "14.1R9",
        "status": "affected",
        "version": "14.1",
        "versionType": "custom"
      },
      {
        "lessThan": "14.2R8",
        "status": "affected",
        "version": "14.2",
        "versionType": "custom"
      },
      {
        "lessThan": "15.1R5-S8, 15.1F6-S9, 15.1R6-S4, 15.1R7",
        "status": "affected",
        "version": "15.1",
        "versionType": "custom"
      },
      {
        "lessThan": "16.1R6",
        "status": "affected",
        "version": "16.1",
        "versionType": "custom"
      },
      {
        "lessThan": "16.2R3",
        "status": "affected",
        "version": "16.2",
        "versionType": "custom"
      },
      {
        "lessThan": "17.1R2-S4, 17.1R3",
        "status": "affected",
        "version": "17.1",
        "versionType": "custom"
      }
    ]
  }
]

References

www.securitytracker.com/id/1040178

kb.juniper.net/JSA10829

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.6%

JSON

Related for CVELIST:CVE-2018-0002