ID

VAR-201801-1074


CVE

CVE-2018-0006


TITLE

Juniper Networks Junos OS Resource management vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-001737

DESCRIPTION

A high rate of VLAN authentication attempts sent from an adjacent host on the local broadcast domain can trigger high memory utilization by the BBE subscriber management daemon (bbe-smgd), and lead to a denial of service condition. The issue was caused by attempting to process an unbounded number of pending VLAN authentication requests, leading to excessive memory allocation. This issue only affects devices configured for DHCPv4/v6 over AE auto-sensed VLANs, utilized in Broadband Edge (BBE) deployments. Other configurations are unaffected by this issue. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1R6-S2, 15.1R7; 16.1 versions prior to 16.1R5-S1, 16.1R6; 16.2 versions prior to 16.2R2-S2, 16.2R3; 17.1 versions prior to 17.1R2-S5, 17.1R3; 17.2 versions prior to 17.2R2. Juniper Networks Junos OS contains a resource management vulnerability. A denial of service (DoS) condition is possible. Juniper Junos is prone to a denial-of-service vulnerability. An attacker may exploit this issue to cause denial-of-service conditions. Juniper Junos OS is a network operating system from Juniper Networks, dedicated to the company's hardware systems. The operating system provides a secure programming interface and Junos SDK

Trust: 1.98

sources: NVD: CVE-2018-0006 // JVNDB: JVNDB-2018-001737 // BID: 106498 // VULHUB: VHN-118208

AFFECTED PRODUCTS

vendor: juniper, model: junos, scope: eq, version: 16.1

Trust: 1.9

vendor: juniper, model: junos, scope: eq, version: 15.1

Trust: 1.9

vendor: juniper, model: junos, scope: eq, version: 17.2

Trust: 1.3

vendor: juniper, model: junos, scope: eq, version: 17.1

Trust: 1.3

vendor: juniper, model: junos, scope: eq, version: 16.2

Trust: 1.3

vendor: juniper, model: junos os, scope: eq, version: 16.1r6

Trust: 0.8

vendor: juniper, model: junos os, scope: eq, version: 17.1r3

Trust: 0.8

vendor: juniper, model: junos os, scope: eq, version: 15.1r7

Trust: 0.8

vendor: juniper, model: junos os, scope: eq, version: 15.1r6-s2

Trust: 0.8

vendor: juniper, model: junos os, scope: lt, version: 16.2

Trust: 0.8

vendor: juniper, model: junos os, scope: lt, version: 16.1

Trust: 0.8

vendor: juniper, model: junos os, scope: eq, version: 16.2r3

Trust: 0.8

vendor: juniper, model: junos os, scope: lt, version: 15.1

Trust: 0.8

vendor: juniper, model: junos os, scope: eq, version: 17.2r2

Trust: 0.8

vendor: juniper, model: junos os, scope: lt, version: 17.2

Trust: 0.8

vendor: juniper, model: junos os, scope: eq, version: 16.2r2-s2

Trust: 0.8

vendor: juniper, model: junos os, scope: eq, version: 17.1r2-s5

Trust: 0.8

vendor: juniper, model: junos os, scope: lt, version: 17.1

Trust: 0.8

vendor: juniper, model: junos os, scope: eq, version: 16.1r5-s1

Trust: 0.8

vendor: juniper, model: junos 17.2r1, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 17.1r2-s3, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 17.1r2-s2, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 16.2r2, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 16.2r1, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 16.1r5, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 16.1r3, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 16.1r2, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 16.1r1, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 15.1r6-s1, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 15.1r6, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 15.1r5, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 15.1r4, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 15.1r3, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 15.1r2, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 15.1r1, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 17.2r2, scope: ne, version: -

Trust: 0.3

vendor: juniper, model: junos 17.1r3, scope: ne, version: -

Trust: 0.3

vendor: juniper, model: junos 17.1r2-s5, scope: ne, version: -

Trust: 0.3

vendor: juniper, model: junos 16.2r3, scope: ne, version: -

Trust: 0.3

vendor: juniper, model: junos 16.2r2-s2, scope: ne, version: -

Trust: 0.3

vendor: juniper, model: junos 16.1r6, scope: ne, version: -

Trust: 0.3

vendor: juniper, model: junos 16.1r5-s1, scope: ne, version: -

Trust: 0.3

vendor: juniper, model: junos 15.1r7, scope: ne, version: -

Trust: 0.3

vendor: juniper, model: junos 15.1r6-s2, scope: ne, version: -

Trust: 0.3

sources: BID: 106498 // JVNDB: JVNDB-2018-001737 // CNNVD: CNNVD-201711-913 // NVD: CVE-2018-0006

CVSS

SEVERITY

nvd@nist.gov: CVE-2018-0006
value: MEDIUM

Trust: 1.0

sirt@juniper.net: CVE-2018-0006
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-0006
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201711-913
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118208
value: LOW

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2018-0006
severity: LOW
baseScore: 2.9
vectorString: AV:A/AC:M/AU:N/C:N/I:N/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 5.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118208
severity: LOW
baseScore: 2.9
vectorString: AV:A/AC:M/AU:N/C:N/I:N/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 5.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2018-0006
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 3.6
version: 3.0

Trust: 1.8

sirt@juniper.net: CVE-2018-0006
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-118208 // JVNDB: JVNDB-2018-001737 // CNNVD: CNNVD-201711-913 // NVD: CVE-2018-0006 // NVD: CVE-2018-0006

PROBLEMTYPE DATA

problemtype:CWE-770

Trust: 1.1

problemtype:CWE-399

Trust: 0.9

sources: VULHUB: VHN-118208 // JVNDB: JVNDB-2018-001737 // NVD: CVE-2018-0006

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201711-913

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201711-913

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-001737

PATCH

title: JSA10834, url: https://kb.juniper.net/JSA10834

Trust: 0.8

title: Juniper Junos OS Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=100182

Trust: 0.6

sources: JVNDB: JVNDB-2018-001737 // CNNVD: CNNVD-201711-913

EXTERNAL IDS

db: NVD, id: CVE-2018-0006

Trust: 2.8

db: SECTRACK, id: 1040184

Trust: 1.7

db: JUNIPER, id: JSA10834

Trust: 1.7

db: JVNDB, id: JVNDB-2018-001737

Trust: 0.8

db: CNNVD, id: CNNVD-201711-913

Trust: 0.7

db: JUNIPER, id: JSA10884

Trust: 0.3

db: BID, id: 106498

Trust: 0.3

db: VULHUB, id: VHN-118208

Trust: 0.1

sources: VULHUB: VHN-118208 // BID: 106498 // JVNDB: JVNDB-2018-001737 // CNNVD: CNNVD-201711-913 // NVD: CVE-2018-0006

REFERENCES

url:https://kb.juniper.net/jsa10834

Trust: 1.7

url:http://www.securitytracker.com/id/1040184

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0006

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-0006

Trust: 0.8

url:http://www.juniper.net/

Trust: 0.3

url:http://www.juniper.net/us/en/products-services/nos/junos/

Trust: 0.3

url:https://kb.juniper.net/infocenter/index?page=content&id=jsa10884

Trust: 0.3

sources: VULHUB: VHN-118208 // BID: 106498 // JVNDB: JVNDB-2018-001737 // CNNVD: CNNVD-201711-913 // NVD: CVE-2018-0006

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 106498

SOURCES

db: VULHUB, id: VHN-118208
db: BID, id: 106498
db: JVNDB, id: JVNDB-2018-001737
db: CNNVD, id: CNNVD-201711-913
db: NVD, id: CVE-2018-0006

LAST UPDATE DATE

2024-08-14T13:46:13.148000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-118208, date: 2019-10-09T00:00:00
db: BID, id: 106498, date: 2018-01-10T00:00:00
db: JVNDB, id: JVNDB-2018-001737, date: 2018-03-05T00:00:00
db: CNNVD, id: CNNVD-201711-913, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2018-0006, date: 2019-10-09T23:30:56.783

SOURCES RELEASE DATE

db: VULHUB, id: VHN-118208, date: 2018-01-10T00:00:00
db: BID, id: 106498, date: 2018-01-10T00:00:00
db: JVNDB, id: JVNDB-2018-001737, date: 2018-03-05T00:00:00
db: CNNVD, id: CNNVD-201711-913, date: 2017-11-22T00:00:00
db: NVD, id: CVE-2018-0006, date: 2018-01-10T22:29:01.133