Sign-up

ID

VAR-201804-0664


CVE

CVE-2018-0017


TITLE

Juniper Networks Junos OS Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-004322

DESCRIPTION

A vulnerability in the Network Address Translation - Protocol Translation (NAT-PT) feature of Junos OS on SRX series devices may allow a certain valid IPv6 packet to crash the flowd daemon. Repeated crashes of the flowd daemon can result in an extended denial of service condition for the SRX device. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D72; 12.3X48 versions prior to 12.3X48-D55; 15.1X49 versions prior to 15.1X49-D90. Juniper Networks Junos OS Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Juniper Junos is prone to a denial-of-service vulnerability. An attacker may exploit this issue to cause denial-of-service conditions. Juniper SRX Series devices is an SRX series gateway device of Juniper Networks (Juniper Networks). Junos OS is the operating system used in it. The operating system provides a secure programming interface and Junos SDK

Trust: 1.98

sources: NVD: CVE-2018-0017 // JVNDB: JVNDB-2018-004322 // BID: 103749 // VULHUB: VHN-118219

AFFECTED PRODUCTS

vendor:junipermodel:junosscope:lteversion:15.1x49\:d90

Trust: 1.0

vendor:junipermodel:junosscope:lteversion:12.3x48\:d55

Trust: 1.0

vendor:junipermodel:junosscope:gteversion:12.3x48

Trust: 1.0

vendor:junipermodel:junosscope:gteversion:15.1x49

Trust: 1.0

vendor:junipermodel:junosscope:lteversion:12.1x46\:d72

Trust: 1.0

vendor:junipermodel:junosscope:gteversion:12.1x46

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:15.1x49

Trust: 0.9

vendor:junipermodel:junos osscope:eqversion:15.1x49-d90

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:12.1x46

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:12.1x46-d72

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:12.3x48

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:12.3x48-d55

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:15.1x49

Trust: 0.8

vendor:junipermodel:junosscope:eqversion:12.3x48

Trust: 0.3

vendor:junipermodel:junosscope:eqversion:12.1x46

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d90scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d55scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d72scope:neversion: -

Trust: 0.3

sources: BID: 103749 // JVNDB: JVNDB-2018-004322 // CNNVD: CNNVD-201804-518 // NVD: CVE-2018-0017

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0017
value: MEDIUM

Trust: 1.0

sirt@juniper.net: CVE-2018-0017
value: HIGH

Trust: 1.0

NVD: CVE-2018-0017
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201804-518
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118219
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0017
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118219
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0017
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sirt@juniper.net: CVE-2018-0017
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-118219 // JVNDB: JVNDB-2018-004322 // CNNVD: CNNVD-201804-518 // NVD: CVE-2018-0017 // NVD: CVE-2018-0017

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-118219 // JVNDB: JVNDB-2018-004322 // NVD: CVE-2018-0017

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201804-518

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201804-518

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-004322

PATCH
title:JSA10845url:https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10845&actp=METADATA
Trust: 0.8
title:Juniper SRX Series equipment Junos OS Enter the fix for the verification vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83284
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-004322 // 
            
            
            
            CNNVD: CNNVD-201804-518

EXTERNAL IDS
db:NVDid:CVE-2018-0017
Trust: 2.8
db:JUNIPERid:JSA10845
Trust: 2.0
db:BIDid:103749
Trust: 2.0
db:SECTRACKid:1040785
Trust: 1.7
db:JVNDBid:JVNDB-2018-004322
Trust: 0.8
db:CNNVDid:CNNVD-201804-518
Trust: 0.6
db:VULHUBid:VHN-118219
Trust: 0.1
sources:
            
            
            VULHUB: VHN-118219 // 
            
            
            
            BID: 103749 // 
            
            
            
            JVNDB: JVNDB-2018-004322 // 
            
            
            
            CNNVD: CNNVD-201804-518 // 
            
            
            
            NVD: CVE-2018-0017

REFERENCES
url:http://www.securityfocus.com/bid/103749
Trust: 1.7
url:https://kb.juniper.net/jsa10845
Trust: 1.7
url:http://www.securitytracker.com/id/1040785
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0017
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0017
Trust: 0.8
url:http://www.juniper.net/
Trust: 0.3
url:http://www.juniper.net/us/en/products-services/nos/junos/
Trust: 0.3
url:https://kb.juniper.net/infocenter/index?page=content&id=jsa10845&cat=sirt_1&actp=list
Trust: 0.3
sources:
            
            
            VULHUB: VHN-118219 // 
            
            
            
            BID: 103749 // 
            
            
            
            JVNDB: JVNDB-2018-004322 // 
            
            
            
            CNNVD: CNNVD-201804-518 // 
            
            
            
            NVD: CVE-2018-0017

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 103749

SOURCES
db:VULHUBid:VHN-118219
db:BIDid:103749
db:JVNDBid:JVNDB-2018-004322
db:CNNVDid:CNNVD-201804-518
db:NVDid:CVE-2018-0017

LAST UPDATE DATE
2024-08-14T15:34:23.371000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-118219date:2019-10-09T00:00:00
db:BIDid:103749date:2018-04-11T00:00:00
db:JVNDBid:JVNDB-2018-004322date:2018-06-18T00:00:00
db:CNNVDid:CNNVD-201804-518date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0017date:2019-10-09T23:30:58.517

SOURCES RELEASE DATE
db:VULHUBid:VHN-118219date:2018-04-11T00:00:00
db:BIDid:103749date:2018-04-11T00:00:00
db:JVNDBid:JVNDB-2018-004322date:2018-06-18T00:00:00
db:CNNVDid:CNNVD-201804-518date:2018-04-11T00:00:00
db:NVDid:CVE-2018-0017date:2018-04-11T19:29:00.337