Sign-up

ID

VAR-201801-1073


CVE

CVE-2018-0005


TITLE

Juniper Networks Junos OS Vulnerabilities in checking for exceptional conditions

Trust: 0.8

sources: JVNDB: JVNDB-2018-001468

DESCRIPTION

QFX and EX Series switches configured to drop traffic when the MAC move limit is exceeded will forward traffic instead of dropping traffic. This can lead to denials of services or other unintended conditions. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D40; 15.1X53 versions prior to 15.1X53-D55; 15.1 versions prior to 15.1R7. Juniper Networks Junos OS Contains an exceptional condition checking vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. Juniper Junos is prone to a denial-of-service vulnerability. An attacker may exploit this issue to cause denial-of-service conditions. Both Juniper QFX and EX Series switches are switch products of Juniper Networks (Juniper Networks). Junos OS is a set of operating systems running on it

Trust: 1.98

sources: NVD: CVE-2018-0005 // JVNDB: JVNDB-2018-001468 // BID: 106499 // VULHUB: VHN-118207

AFFECTED PRODUCTS

vendor:junipermodel:junosscope:eqversion:15.1x53

Trust: 1.9

vendor:junipermodel:junosscope:eqversion:15.1

Trust: 1.9

vendor:junipermodel:junosscope:eqversion:14.1x53

Trust: 1.3

vendor:junipermodel:junos osscope:ltversion:15.1

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:14.1x53

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:14.1x53-d40

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:15.1r7

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:15.1x53-d55

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:15.1x53

Trust: 0.8

vendor:junipermodel:junos 15.1x53-d49scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d48scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d47scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d40scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d35scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d33scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d31scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d30scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d20scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1r6scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1r5scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1r4scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1r3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1r2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d35scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d34scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d30scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d28scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d26scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d25scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d20scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d18scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d16scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d10scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d55scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 15.1r7scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d40scope:neversion: -

Trust: 0.3

sources: BID: 106499 // JVNDB: JVNDB-2018-001468 // CNNVD: CNNVD-201711-863 // NVD: CVE-2018-0005

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0005
value: HIGH

Trust: 1.0

sirt@juniper.net: CVE-2018-0005
value: HIGH

Trust: 1.0

NVD: CVE-2018-0005
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201711-863
value: HIGH

Trust: 0.6

VULHUB: VHN-118207
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0005
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118207
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0005
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sirt@juniper.net: CVE-2018-0005
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 4.0
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-118207 // JVNDB: JVNDB-2018-001468 // CNNVD: CNNVD-201711-863 // NVD: CVE-2018-0005 // NVD: CVE-2018-0005

PROBLEMTYPE DATA

problemtype:CWE-754

Trust: 1.9

sources: VULHUB: VHN-118207 // JVNDB: JVNDB-2018-001468 // NVD: CVE-2018-0005

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201711-863

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201711-863

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-001468

PATCH
title:JSA10833url:https://kb.juniper.net/JSA10833
Trust: 0.8
title:Juniper QFX  and EX Series switch Junos OS Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=100219
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-001468 // 
            
            
            
            CNNVD: CNNVD-201711-863

EXTERNAL IDS
db:NVDid:CVE-2018-0005
Trust: 2.8
db:JUNIPERid:JSA10833
Trust: 2.0
db:SECTRACKid:1040182
Trust: 1.7
db:JVNDBid:JVNDB-2018-001468
Trust: 0.8
db:CNNVDid:CNNVD-201711-863
Trust: 0.7
db:BIDid:106499
Trust: 0.3
db:VULHUBid:VHN-118207
Trust: 0.1
sources:
            
            
            VULHUB: VHN-118207 // 
            
            
            
            BID: 106499 // 
            
            
            
            JVNDB: JVNDB-2018-001468 // 
            
            
            
            CNNVD: CNNVD-201711-863 // 
            
            
            
            NVD: CVE-2018-0005

REFERENCES
url:https://kb.juniper.net/jsa10833
Trust: 1.7
url:http://www.securitytracker.com/id/1040182
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0005
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0005
Trust: 0.8
url:http://www.juniper.net/
Trust: 0.3
url:http://www.juniper.net/us/en/products-services/nos/junos/
Trust: 0.3
url:https://kb.juniper.net/infocenter/index?page=content&id=jsa10833&actp=metadata
Trust: 0.3
sources:
            
            
            VULHUB: VHN-118207 // 
            
            
            
            BID: 106499 // 
            
            
            
            JVNDB: JVNDB-2018-001468 // 
            
            
            
            CNNVD: CNNVD-201711-863 // 
            
            
            
            NVD: CVE-2018-0005

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 106499

SOURCES
db:VULHUBid:VHN-118207
db:BIDid:106499
db:JVNDBid:JVNDB-2018-001468
db:CNNVDid:CNNVD-201711-863
db:NVDid:CVE-2018-0005

LAST UPDATE DATE
2024-08-14T13:56:18.661000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-118207date:2019-10-09T00:00:00
db:BIDid:106499date:2018-01-10T00:00:00
db:JVNDBid:JVNDB-2018-001468date:2018-02-21T00:00:00
db:CNNVDid:CNNVD-201711-863date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0005date:2019-10-09T23:30:56.410

SOURCES RELEASE DATE
db:VULHUBid:VHN-118207date:2018-01-10T00:00:00
db:BIDid:106499date:2018-01-10T00:00:00
db:JVNDBid:JVNDB-2018-001468date:2018-02-21T00:00:00
db:CNNVDid:CNNVD-201711-863date:2017-11-21T00:00:00
db:NVDid:CVE-2018-0005date:2018-01-10T22:29:01.103