ID

VAR-201807-0312


CVE

CVE-2018-0027


TITLE

Juniper Networks Junos OS Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-007996

DESCRIPTION

Receipt of a crafted or malformed RSVP PATH message may cause the routing protocol daemon (RPD) to hang or crash. When RPD is unavailable, routing updates cannot be processed which can lead to an extended network outage. If RSVP is not enabled on an interface, then the issue cannot be triggered via that interface. This issue only affects Juniper Networks Junos OS 16.1 versions prior to 16.1R3. This issue does not affect Junos releases prior to 16.1R1. Juniper Networks Junos OS Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Juniper Junos is prone to a denial-of-service vulnerability. An attacker may exploit this issue to cause denial-of-service conditions. The operating system provides a secure programming interface and Junos SDK

Trust: 1.98

sources: NVD: CVE-2018-0027 // JVNDB: JVNDB-2018-007996 // BID: 104721 // VULHUB: VHN-118229

AFFECTED PRODUCTS

vendor:junipermodel:junosscope:eqversion:16.1

Trust: 1.6

vendor:junipermodel:junos osscope: - version: -

Trust: 0.8

vendor:junipermodel:junos 16.1r2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.1r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.1r3scope:neversion: -

Trust: 0.3

sources: BID: 104721 // JVNDB: JVNDB-2018-007996 // CNNVD: CNNVD-201807-1088 // NVD: CVE-2018-0027

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0027
value: MEDIUM

Trust: 1.0

sirt@juniper.net: CVE-2018-0027
value: HIGH

Trust: 1.0

NVD: CVE-2018-0027
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201807-1088
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118229
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0027
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118229
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0027
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.0

Trust: 1.8

sirt@juniper.net: CVE-2018-0027
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-118229 // JVNDB: JVNDB-2018-007996 // CNNVD: CNNVD-201807-1088 // NVD: CVE-2018-0027 // NVD: CVE-2018-0027

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-118229 // JVNDB: JVNDB-2018-007996 // NVD: CVE-2018-0027

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-1088

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201807-1088

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-007996

PATCH

title:JSA10861url:https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10861&actp=METADATA

Trust: 0.8

title:Juniper Junos OS Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82104

Trust: 0.6

sources: JVNDB: JVNDB-2018-007996 // CNNVD: CNNVD-201807-1088

EXTERNAL IDS

db:NVDid:CVE-2018-0027

Trust: 2.8

db:JUNIPERid:JSA10861

Trust: 2.0

db:BIDid:104721

Trust: 2.0

db:SECTRACKid:1041318

Trust: 1.7

db:JVNDBid:JVNDB-2018-007996

Trust: 0.8

db:CNNVDid:CNNVD-201807-1088

Trust: 0.7

db:VULHUBid:VHN-118229

Trust: 0.1

sources: VULHUB: VHN-118229 // BID: 104721 // JVNDB: JVNDB-2018-007996 // CNNVD: CNNVD-201807-1088 // NVD: CVE-2018-0027

REFERENCES

url:http://www.securityfocus.com/bid/104721

Trust: 1.7

url:https://kb.juniper.net/jsa10861

Trust: 1.7

url:http://www.securitytracker.com/id/1041318

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0027

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-0027

Trust: 0.8

url:http://www.juniper.net/

Trust: 0.3

url:http://www.juniper.net/us/en/products-services/nos/junos/

Trust: 0.3

url:https://kb.juniper.net/infocenter/index?page=content&id=jsa10861

Trust: 0.3

sources: VULHUB: VHN-118229 // BID: 104721 // JVNDB: JVNDB-2018-007996 // CNNVD: CNNVD-201807-1088 // NVD: CVE-2018-0027

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 104721

SOURCES

db:VULHUBid:VHN-118229
db:BIDid:104721
db:JVNDBid:JVNDB-2018-007996
db:CNNVDid:CNNVD-201807-1088
db:NVDid:CVE-2018-0027

LAST UPDATE DATE

2024-11-23T22:26:17.314000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-118229date:2019-10-09T00:00:00
db:BIDid:104721date:2018-07-11T00:00:00
db:JVNDBid:JVNDB-2018-007996date:2018-10-04T00:00:00
db:CNNVDid:CNNVD-201807-1088date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0027date:2024-11-21T03:37:23.440

SOURCES RELEASE DATE

db:VULHUBid:VHN-118229date:2018-07-11T00:00:00
db:BIDid:104721date:2018-07-11T00:00:00
db:JVNDBid:JVNDB-2018-007996date:2018-10-04T00:00:00
db:CNNVDid:CNNVD-201807-1088date:2018-07-12T00:00:00
db:NVDid:CVE-2018-0027date:2018-07-11T18:29:00.340