ID

VAR-201804-0666


CVE

CVE-2018-0019


TITLE

Juniper Networks Junos OS Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-004214

DESCRIPTION

A vulnerability in Junos OS SNMP MIB-II subagent daemon (mib2d) may allow a remote network based attacker to cause the mib2d process to crash resulting in a denial of service condition (DoS) for the SNMP subsystem. While a mib2d process crash can disrupt the network monitoring via SNMP, it does not impact routing, switching or firewall functionalities. SNMP is disabled by default on devices running Junos OS. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D76; 12.3 versions prior to 12.3R12-S7, 12.3R13; 12.3X48 versions prior to 12.3X48-D65; 14.1 versions prior to 14.1R9; 14.1X53 versions prior to 14.1X53-D130; 15.1 versions prior to 15.1F2-S20, 15.1F6-S10, 15.1R7; 15.1X49 versions prior to 15.1X49-D130; 15.1X53 versions prior to 15.1X53-D233, 15.1X53-D471, 15.1X53-D472, 15.1X53-D58, 15.1X53-D66; 16.1 versions prior to 16.1R5-S3, 16.1R7; 16.1X65 versions prior to 16.1X65-D47; 16.1X70 versions prior to 16.1X70-D10; 16.2 versions prior to 16.2R1-S6, 16.2R2-S5, 16.2R3; 17.1 versions prior to 17.1R2-S6, 17.1R3;. Juniper Networks Junos OS Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Juniper Junos OS is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware systems. The operating system provides a secure programming interface and Junos SDK. The following versions are affected: Juniper Junos OS Release 12.1X46, Release 12.3, Release 12.3X48, Release 14.1, Release 14.1X53, Release 15.1, Release 15.1X49, Release 15.1X53, Release 16.1, Release 16.1X65, Release 16.1X70, Release 16.2 , version 17.1, version 17.3, version 17.4

Trust: 1.71

sources: NVD: CVE-2018-0019 // JVNDB: JVNDB-2018-004214 // VULHUB: VHN-118221

AFFECTED PRODUCTS

vendor:junipermodel:junosscope:eqversion:15.1x53

Trust: 1.6

vendor:junipermodel:junosscope:eqversion:17.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:15.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:14.1x53

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:12.3x48

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:15.1x49

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:16.2

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:12.1x46

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:16.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:14.2

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:14.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:12.3

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:16.1x70

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:16.1x65

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:17.2

Trust: 1.0

vendor:junipermodel:junos osscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2018-004214 // CNNVD: CNNVD-201804-516 // NVD: CVE-2018-0019

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0019
value: MEDIUM

Trust: 1.0

sirt@juniper.net: CVE-2018-0019
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-0019
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201804-516
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118221
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0019
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118221
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0019
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.0

Trust: 1.8

sirt@juniper.net: CVE-2018-0019
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-118221 // JVNDB: JVNDB-2018-004214 // CNNVD: CNNVD-201804-516 // NVD: CVE-2018-0019 // NVD: CVE-2018-0019

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-118221 // JVNDB: JVNDB-2018-004214 // NVD: CVE-2018-0019

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201804-516

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201804-516

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-004214

PATCH

title:JSA10847url:https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10847&actp=METADATA

Trust: 0.8

title:Juniper Junos OS Enter the fix for the verification vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83282

Trust: 0.6

sources: JVNDB: JVNDB-2018-004214 // CNNVD: CNNVD-201804-516

EXTERNAL IDS

db:NVDid:CVE-2018-0019

Trust: 2.5

db:SECTRACKid:1040787

Trust: 1.7

db:JUNIPERid:JSA10847

Trust: 1.7

db:JVNDBid:JVNDB-2018-004214

Trust: 0.8

db:CNNVDid:CNNVD-201804-516

Trust: 0.7

db:VULHUBid:VHN-118221

Trust: 0.1

sources: VULHUB: VHN-118221 // JVNDB: JVNDB-2018-004214 // CNNVD: CNNVD-201804-516 // NVD: CVE-2018-0019

REFERENCES

url:https://kb.juniper.net/jsa10847

Trust: 1.7

url:http://www.securitytracker.com/id/1040787

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0019

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-0019

Trust: 0.8

sources: VULHUB: VHN-118221 // JVNDB: JVNDB-2018-004214 // CNNVD: CNNVD-201804-516 // NVD: CVE-2018-0019

SOURCES

db:VULHUBid:VHN-118221
db:JVNDBid:JVNDB-2018-004214
db:CNNVDid:CNNVD-201804-516
db:NVDid:CVE-2018-0019

LAST UPDATE DATE

2024-08-14T15:28:58.588000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-118221date:2019-10-09T00:00:00
db:JVNDBid:JVNDB-2018-004214date:2018-06-14T00:00:00
db:CNNVDid:CNNVD-201804-516date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0019date:2019-10-09T23:30:58.877

SOURCES RELEASE DATE

db:VULHUBid:VHN-118221date:2018-04-11T00:00:00
db:JVNDBid:JVNDB-2018-004214date:2018-06-14T00:00:00
db:CNNVDid:CNNVD-201804-516date:2018-04-11T00:00:00
db:NVDid:CVE-2018-0019date:2018-04-11T19:29:00.447