Sign-up

ID

VAR-201801-1070


CVE

CVE-2018-0002


TITLE

Juniper Networks Junos OS Resource management vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-001735

DESCRIPTION

On SRX Series and MX Series devices with a Service PIC with any ALG enabled, a crafted TCP/IP response packet processed through the device results in memory corruption leading to a flowd daemon crash. Sustained crafted response packets lead to repeated crashes of the flowd daemon which results in an extended Denial of Service condition. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D60 on SRX series; 12.3X48 versions prior to 12.3X48-D35 on SRX series; 14.1 versions prior to 14.1R9 on MX series; 14.2 versions prior to 14.2R8 on MX series; 15.1X49 versions prior to 15.1X49-D60 on SRX series; 15.1 versions prior to 15.1R5-S8, 15.1F6-S9, 15.1R6-S4, 15.1R7 on MX series; 16.1 versions prior to 16.1R6 on MX series; 16.2 versions prior to 16.2R3 on MX series; 17.1 versions prior to 17.1R2-S4, 17.1R3 on MX series. No other Juniper Networks products or platforms are affected by this issue. Juniper Networks Junos OS Contains a resource management vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Juniper Junos is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause the daemon(s) to crash, effectively denying service to legitimate users. Junos OS is a set of operating systems running on it

Trust: 1.98

sources: NVD: CVE-2018-0002 // JVNDB: JVNDB-2018-001735 // BID: 106504 // VULHUB: VHN-118204

AFFECTED PRODUCTS

vendor:junipermodel:junosscope:eqversion:12.1x46

Trust: 1.9

vendor:junipermodel:junosscope:eqversion:17.1

Trust: 1.3

vendor:junipermodel:junosscope:eqversion:16.2

Trust: 1.3

vendor:junipermodel:junosscope:eqversion:16.1

Trust: 1.3

vendor:junipermodel:junosscope:eqversion:15.1

Trust: 1.3

vendor:junipermodel:junosscope:eqversion:14.2

Trust: 1.3

vendor:junipermodel:junosscope:eqversion:14.1

Trust: 1.3

vendor:junipermodel:junosscope:eqversion:12.3x48

Trust: 1.3

vendor:junipermodel:junosscope:eqversion:15.1x49

Trust: 1.0

vendor:junipermodel:junos osscope:ltversion:16.1 (mx)

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:14.2 (mx)

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:15.1f6-s9 (mx)

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:17.1r3 (mx)

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:12.3x48 (srx)

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:12.1x46 (srx)

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:16.2 (mx)

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:15.1x49-d60

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:14.1 (mx)

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:15.1r5-s8

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:12.3x48-d35

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:15.1 (mx)

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:14.2r8

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:16.2r3

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:12.1x46-d60

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:16.1r6

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:14.1r9

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:17.1r2-s4

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:15.1r7 (mx)

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:17.1 (mx)

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:15.1r6-s4 (mx)

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:15.1x49 (srx)

Trust: 0.8

vendor:junipermodel:junos 17.1r2-s3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.1r2-s2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.1r2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.1r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.2r2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.2r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.1r5scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.1r3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.1r2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.1r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d40scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d35scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d30scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d20scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d15scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d10scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1r6-s3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1r6-s2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1r6-s1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1r6scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1r5-s7scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1r5-s6scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1r5-s5scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1r5-s2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1r5-s1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1r5scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1r4scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1r3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1r2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1f6-s8scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1f6-s7scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1f6-s5scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1f6-s4scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.2r7scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.2r6scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.2r5scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.2r4scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.2r3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.2r2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.2r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1r8scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1r7scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1r6scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1r5scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1r4scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1r3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1r2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d30scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d25scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d20scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d15scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d10scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d55scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d51scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d50scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d46scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d45scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d40scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d37scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d36scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d35scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d30scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d26scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d25scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d20scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d15scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d10scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.1r3scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 17.1r2-s4scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 16.2r3scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 16.1r6scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d60scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 15.1r7scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 15.1r6-s4scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 15.1r5-s8scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 15.1f6-s9scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 14.2r8scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 14.1r9scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d35scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d60scope:neversion: -

Trust: 0.3

sources: BID: 106504 // JVNDB: JVNDB-2018-001735 // CNNVD: CNNVD-201711-866 // NVD: CVE-2018-0002

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0002
value: MEDIUM

Trust: 1.0

sirt@juniper.net: CVE-2018-0002
value: HIGH

Trust: 1.0

NVD: CVE-2018-0002
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201711-866
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118204
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0002
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118204
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0002
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.0

Trust: 1.8

sirt@juniper.net: CVE-2018-0002
baseSeverity: HIGH
baseScore: 8.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.2
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-118204 // JVNDB: JVNDB-2018-001735 // CNNVD: CNNVD-201711-866 // NVD: CVE-2018-0002 // NVD: CVE-2018-0002

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.1

problemtype:CWE-399

Trust: 0.9

sources: VULHUB: VHN-118204 // JVNDB: JVNDB-2018-001735 // NVD: CVE-2018-0002

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-866

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201711-866

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-001735

PATCH
title:JSA10829url:https://kb.juniper.net/JSA10829
Trust: 0.8
title:Juniper SRX Series  and MX Series Junos OS Repair measuresurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=100222
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-001735 // 
            
            
            
            CNNVD: CNNVD-201711-866

EXTERNAL IDS
db:NVDid:CVE-2018-0002
Trust: 2.8
db:JUNIPERid:JSA10829
Trust: 2.0
db:SECTRACKid:1040178
Trust: 1.7
db:JVNDBid:JVNDB-2018-001735
Trust: 0.8
db:CNNVDid:CNNVD-201711-866
Trust: 0.7
db:BIDid:106504
Trust: 0.3
db:VULHUBid:VHN-118204
Trust: 0.1
sources:
            
            
            VULHUB: VHN-118204 // 
            
            
            
            BID: 106504 // 
            
            
            
            JVNDB: JVNDB-2018-001735 // 
            
            
            
            CNNVD: CNNVD-201711-866 // 
            
            
            
            NVD: CVE-2018-0002

REFERENCES
url:https://kb.juniper.net/jsa10829
Trust: 1.7
url:http://www.securitytracker.com/id/1040178
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0002
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0002
Trust: 0.8
url:http://www.juniper.net/
Trust: 0.3
url:http://www.juniper.net/us/en/products-services/nos/junos/
Trust: 0.3
url:https://kb.juniper.net/infocenter/index?page=content&id=jsa10829&actp=metadata
Trust: 0.3
sources:
            
            
            VULHUB: VHN-118204 // 
            
            
            
            BID: 106504 // 
            
            
            
            JVNDB: JVNDB-2018-001735 // 
            
            
            
            CNNVD: CNNVD-201711-866 // 
            
            
            
            NVD: CVE-2018-0002

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 106504

SOURCES
db:VULHUBid:VHN-118204
db:BIDid:106504
db:JVNDBid:JVNDB-2018-001735
db:CNNVDid:CNNVD-201711-866
db:NVDid:CVE-2018-0002

LAST UPDATE DATE
2024-08-14T14:20:08.490000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-118204date:2019-10-09T00:00:00
db:BIDid:106504date:2018-01-10T00:00:00
db:JVNDBid:JVNDB-2018-001735date:2018-03-05T00:00:00
db:CNNVDid:CNNVD-201711-866date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0002date:2019-10-09T23:30:55.407

SOURCES RELEASE DATE
db:VULHUBid:VHN-118204date:2018-01-10T00:00:00
db:BIDid:106504date:2018-01-10T00:00:00
db:JVNDBid:JVNDB-2018-001735date:2018-03-05T00:00:00
db:CNNVDid:CNNVD-201711-866date:2017-11-21T00:00:00
db:NVDid:CVE-2018-0002date:2018-01-10T22:29:00.963