Sign-up

ID

VAR-201807-0313


CVE

CVE-2018-0029


TITLE

Juniper Networks Junos OS Vulnerable to resource exhaustion

Trust: 0.8

sources: JVNDB: JVNDB-2018-007997

DESCRIPTION

While experiencing a broadcast storm, placing the fxp0 interface into promiscuous mode via the 'monitor traffic interface fxp0' can cause the system to crash and restart (vmcore). This issue only affects Junos OS 15.1 and later releases, and affects both single core and multi-core REs. Releases prior to Junos OS 15.1 are unaffected by this vulnerability. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1F6-S11, 15.1R4-S9, 15.1R6-S6, 15.1R7; 15.1X49 versions prior to 15.1X49-D140; 15.1X53 versions prior to 15.1X53-D59 on EX2300/EX3400; 15.1X53 versions prior to 15.1X53-D67 on QFX10K; 15.1X53 versions prior to 15.1X53-D233 on QFX5200/QFX5110; 15.1X53 versions prior to 15.1X53-D471, 15.1X53-D490 on NFX; 16.1 versions prior to 16.1R3-S8, 16.1R5-S4, 16.1R6-S1, 16.1R7; 16.2 versions prior to 16.2R1-S6, 16.2R2-S5, 16.2R3; 17.1 versions prior to 17.1R1-S7, 17.1R2-S7, 17.1R3; 17.2 versions prior to 17.2R1-S6, 17.2R2-S4, 17.2R3; 17.2X75 versions prior to 17.2X75-D90, 17.2X75-D110; 17.3 versions prior to 17.3R1-S4, 17.3R2; 17.4 versions prior to 17.4R1-S3, 17.4R2. Juniper Networks Junos OS Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Juniper Junos OS is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware systems. The operating system provides a secure programming interface and Junos SDK. An attacker could exploit this vulnerability to cause a system crash and reboot. The following versions are affected: Juniper Junos OS Release 15.1, Release 15.1X49, Release 15.1X53 (on EX2300/EX3400, QFX10K, QFX5200/QFX5110, NFX), Release 16.1, Release 16.2, Release 17.1, Release 17.2, Release 17.2X75, Version 17.3, Version 17.4

Trust: 1.71

sources: NVD: CVE-2018-0029 // JVNDB: JVNDB-2018-007997 // VULHUB: VHN-118231

AFFECTED PRODUCTS

vendor:junipermodel:junosscope:eqversion:15.1

Trust: 1.6

vendor:junipermodel:junosscope:eqversion:15.1x49

Trust: 1.6

vendor:junipermodel:junosscope:eqversion:15.1x53

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:17.3

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:17.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:17.4

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:16.2

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:16.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:17.2x75

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:17.2

Trust: 1.0

vendor:junipermodel:junos osscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2018-007997 // CNNVD: CNNVD-201807-1087 // NVD: CVE-2018-0029

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0029
value: MEDIUM

Trust: 1.0

sirt@juniper.net: CVE-2018-0029
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-0029
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201807-1087
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118231
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0029
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118231
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0029
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sirt@juniper.net: CVE-2018-0029
baseSeverity: MEDIUM
baseScore: 5.7
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.1
impactScore: 3.6
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-118231 // JVNDB: JVNDB-2018-007997 // CNNVD: CNNVD-201807-1087 // NVD: CVE-2018-0029 // NVD: CVE-2018-0029

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.9

sources: VULHUB: VHN-118231 // JVNDB: JVNDB-2018-007997 // NVD: CVE-2018-0029

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201807-1087

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201807-1087

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-007997

PATCH
title:JSA10863url:https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10863&actp=METADATA
Trust: 0.8
title:Juniper Junos OS Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82103
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-007997 // 
            
            
            
            CNNVD: CNNVD-201807-1087

EXTERNAL IDS
db:NVDid:CVE-2018-0029
Trust: 2.5
db:JUNIPERid:JSA10863
Trust: 1.7
db:SECTRACKid:1041319
Trust: 1.7
db:JVNDBid:JVNDB-2018-007997
Trust: 0.8
db:CNNVDid:CNNVD-201807-1087
Trust: 0.7
db:VULHUBid:VHN-118231
Trust: 0.1
sources:
            
            
            VULHUB: VHN-118231 // 
            
            
            
            JVNDB: JVNDB-2018-007997 // 
            
            
            
            CNNVD: CNNVD-201807-1087 // 
            
            
            
            NVD: CVE-2018-0029

REFERENCES
url:https://kb.juniper.net/jsa10863
Trust: 1.7
url:http://www.securitytracker.com/id/1041319
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0029
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0029
Trust: 0.8
sources:
            
            
            VULHUB: VHN-118231 // 
            
            
            
            JVNDB: JVNDB-2018-007997 // 
            
            
            
            CNNVD: CNNVD-201807-1087 // 
            
            
            
            NVD: CVE-2018-0029

SOURCES
db:VULHUBid:VHN-118231
db:JVNDBid:JVNDB-2018-007997
db:CNNVDid:CNNVD-201807-1087
db:NVDid:CVE-2018-0029

LAST UPDATE DATE
2024-08-14T13:28:02.834000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-118231date:2019-10-09T00:00:00
db:JVNDBid:JVNDB-2018-007997date:2018-10-04T00:00:00
db:CNNVDid:CNNVD-201807-1087date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0029date:2019-10-09T23:31:01.440

SOURCES RELEASE DATE
db:VULHUBid:VHN-118231date:2018-07-11T00:00:00
db:JVNDBid:JVNDB-2018-007997date:2018-10-04T00:00:00
db:CNNVDid:CNNVD-201807-1087date:2018-07-12T00:00:00
db:NVDid:CVE-2018-0029date:2018-07-11T18:29:00.370