Details of VAR-201807-0314

ID

VAR-201807-0314

CVE

CVE-2018-0030

TITLE

Juniper Networks Junos OS Vulnerable to resource exhaustion

Trust: 0.8

sources: JVNDB: JVNDB-2018-007987

DESCRIPTION

Receipt of a specific MPLS packet may cause MPC7/8/9, PTX-FPC3 (FPC-P1, FPC-P2) line cards or PTX1K to crash and restart. By continuously sending specific MPLS packets, an attacker can repeatedly crash the line cards or PTX1K causing a sustained Denial of Service. Affected releases are Juniper Networks Junos OS with MPC7/8/9 or PTX-FPC3 (FPC-P1, FPC-P2) installed and PTX1K: 15.1F versions prior to 15.1F6-S10; 15.1 versions prior to 15.1R4-S9, 15.1R6-S6, 15.1R7; 16.1 versions prior to 16.1R3-S8, 16.1R4-S9, 16.1R5-S4, 16.1R6-S3, 16.1R7; 16.1X65 versions prior to 16.1X65-D46; 16.2 versions prior to 16.2R1-S6, 16.2R2-S5, 16.2R3; 17.1 versions prior to 17.1R1-S7, 17.1R2-S7, 17.1R3; 17.2 versions prior to 17.2R1-S4, 17.2R2-S4, 17.2R3; 17.2X75 versions prior to 17.2X75-D70, 17.2X75-D90; 17.3 versions prior to 17.3R1-S4, 17.3R2, 17.4 versions prior to 17.4R1-S2, 17.4R2. Refer to KB25385 for more information about PFE line cards. Juniper Networks Junos OS Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Juniper Junos OS is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware systems. The operating system provides a secure programming interface and Junos SDK. A security vulnerability exists in Juniper Junos OS

Trust: 1.71

sources: NVD: CVE-2018-0030 // JVNDB: JVNDB-2018-007987 // VULHUB: VHN-118232

AFFECTED PRODUCTS

vendor:	juniper	model:	junos	scope:	eq	version:	15.1	Trust: 1.6
vendor:	juniper	model:	junos	scope:	eq	version:	17.3	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	17.1	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	17.4	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	16.2	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	16.1	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	16.1x65	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	17.2x75	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	17.2	Trust: 1.0
vendor:	juniper	model:	junos os	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2018-007987 // CNNVD: CNNVD-201807-1086 // NVD: CVE-2018-0030

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-0030
value:	HIGH
Trust: 1.0
sirt@juniper.net:	CVE-2018-0030
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-0030
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201807-1086
value:	HIGH
Trust: 0.6
VULHUB:	VHN-118232
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-0030
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-118232
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-0030
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 2.8

sources: VULHUB: VHN-118232 // JVNDB: JVNDB-2018-007987 // CNNVD: CNNVD-201807-1086 // NVD: CVE-2018-0030 // NVD: CVE-2018-0030

PROBLEMTYPE DATA

problemtype:

CWE-400

Trust: 1.9

sources: VULHUB: VHN-118232 // JVNDB: JVNDB-2018-007987 // NVD: CVE-2018-0030

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-1086

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201807-1086

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-007987

PATCH

title:	KB25385	url:	https://kb.juniper.net/KB25385	Trust: 0.8
title:	JSA10864	url:	https://kb.juniper.net/JSA10864	Trust: 0.8
title:	Juniper Junos OS Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82102	Trust: 0.6

sources: JVNDB: JVNDB-2018-007987 // CNNVD: CNNVD-201807-1086

EXTERNAL IDS

db:	NVD	id:	CVE-2018-0030	Trust: 2.5
db:	JUNIPER	id:	JSA10864	Trust: 1.7
db:	SECTRACK	id:	1041325	Trust: 1.7
db:	JVNDB	id:	JVNDB-2018-007987	Trust: 0.8
db:	CNNVD	id:	CNNVD-201807-1086	Trust: 0.7
db:	VULHUB	id:	VHN-118232	Trust: 0.1

sources: VULHUB: VHN-118232 // JVNDB: JVNDB-2018-007987 // CNNVD: CNNVD-201807-1086 // NVD: CVE-2018-0030

REFERENCES

url:	https://kb.juniper.net/jsa10864	Trust: 1.7
url:	https://kb.juniper.net/kb25385	Trust: 1.7
url:	http://www.securitytracker.com/id/1041325	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0030	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0030	Trust: 0.8

sources: VULHUB: VHN-118232 // JVNDB: JVNDB-2018-007987 // CNNVD: CNNVD-201807-1086 // NVD: CVE-2018-0030

SOURCES

db:	VULHUB	id:	VHN-118232
db:	JVNDB	id:	JVNDB-2018-007987
db:	CNNVD	id:	CNNVD-201807-1086
db:	NVD	id:	CVE-2018-0030

LAST UPDATE DATE

2024-08-14T15:18:22.646000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-118232	date:	2019-10-09T00:00:00
db:	JVNDB	id:	JVNDB-2018-007987	date:	2018-10-04T00:00:00
db:	CNNVD	id:	CNNVD-201807-1086	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-0030	date:	2019-10-09T23:31:01.737

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-118232	date:	2018-07-11T00:00:00
db:	JVNDB	id:	JVNDB-2018-007987	date:	2018-10-04T00:00:00
db:	CNNVD	id:	CNNVD-201807-1086	date:	2018-07-12T00:00:00
db:	NVD	id:	CVE-2018-0030	date:	2018-07-11T18:29:00.467