Sign-up

ID

VAR-201807-0317


CVE

CVE-2018-0034


TITLE

Juniper Networks Junos OS Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-007990

DESCRIPTION

A Denial of Service vulnerability exists in the Juniper Networks Junos OS JDHCPD daemon which allows an attacker to core the JDHCPD daemon by sending a crafted IPv6 packet to the system. This issue is limited to systems which receives IPv6 DHCP packets on a system configured for DHCP processing using the JDHCPD daemon. This issue does not affect IPv4 DHCP packet processing. Affected releases are Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S10 on EX Series; 12.3X48 versions prior to 12.3X48-D70 on SRX Series; 14.1X53 versions prior to 14.1X53-D47 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100; 14.1X53 versions prior to 14.1X53-D130 on QFabric; 15.1 versions prior to 15.1R4-S9, 15.1R6-S6, 15.1R7; 15.1X49 versions prior to 15.1X49-D140 on SRX Series; 15.1X53 versions prior to 15.1X53-D67 on QFX10000 Series; 15.1X53 versions prior to 15.1X53-D233 on QFX5110, QFX5200; 15.1X53 versions prior to 15.1X53-D471 on NFX 150, NFX 250; 16.1 versions prior to 16.1R3-S9, 16.1R4-S8, 16.1R5-S4, 16.1R6-S3, 16.1R7; 16.2 versions prior to 16.2R2-S5, 16.2R3; 17.1 versions prior to 17.1R1-S7, 17.1R2-S7, 17.1R3; 17.2 versions prior to 17.2R1-S6, 17.2R2-S4, 17.2R3; 17.3 versions prior to 17.3R1-S4, 17.3R2-S2, 17.3R3; 17.4 versions prior to 17.4R1-S3, 17.4R2. Juniper Networks Junos OS Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Juniper Junos OS is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware systems. The operating system provides a secure programming interface and Junos SDK

Trust: 1.71

sources: NVD: CVE-2018-0034 // JVNDB: JVNDB-2018-007990 // VULHUB: VHN-118236

AFFECTED PRODUCTS

vendor:junipermodel:junosscope:eqversion:16.1

Trust: 1.6

vendor:junipermodel:junosscope:eqversion:12.3x48

Trust: 1.6

vendor:junipermodel:junosscope:eqversion:15.1x49

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:15.1x53

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:17.2

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:16.2

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:17.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:15.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:12.3

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:17.3

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:14.1x53

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:17.4

Trust: 1.0

vendor:junipermodel:junos osscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2018-007990 // CNNVD: CNNVD-201807-1083 // NVD: CVE-2018-0034

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0034
value: MEDIUM

Trust: 1.0

sirt@juniper.net: CVE-2018-0034
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-0034
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201807-1083
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118236
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0034
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118236
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0034
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.0

Trust: 1.8

sirt@juniper.net: CVE-2018-0034
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-118236 // JVNDB: JVNDB-2018-007990 // CNNVD: CNNVD-201807-1083 // NVD: CVE-2018-0034 // NVD: CVE-2018-0034

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-118236 // JVNDB: JVNDB-2018-007990 // NVD: CVE-2018-0034

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-1083

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201807-1083

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-007990

PATCH
title:Search results for ‘dhcp’url:https://apps.juniper.net/feature-explorer/search.html#q=dhcp
Trust: 0.8
title:JSA10868url:https://kb.juniper.net/JSA10868
Trust: 0.8
title:Juniper Junos OS Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82099
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-007990 // 
            
            
            
            CNNVD: CNNVD-201807-1083

EXTERNAL IDS
db:NVDid:CVE-2018-0034
Trust: 2.5
db:JUNIPERid:JSA10868
Trust: 1.7
db:SECTRACKid:1041338
Trust: 1.7
db:JVNDBid:JVNDB-2018-007990
Trust: 0.8
db:CNNVDid:CNNVD-201807-1083
Trust: 0.7
db:VULHUBid:VHN-118236
Trust: 0.1
sources:
            
            
            VULHUB: VHN-118236 // 
            
            
            
            JVNDB: JVNDB-2018-007990 // 
            
            
            
            CNNVD: CNNVD-201807-1083 // 
            
            
            
            NVD: CVE-2018-0034

REFERENCES
url:https://kb.juniper.net/jsa10868
Trust: 1.7
url:https://apps.juniper.net/feature-explorer/search.html#q=dhcp
Trust: 1.7
url:http://www.securitytracker.com/id/1041338
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0034
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0034
Trust: 0.8
sources:
            
            
            VULHUB: VHN-118236 // 
            
            
            
            JVNDB: JVNDB-2018-007990 // 
            
            
            
            CNNVD: CNNVD-201807-1083 // 
            
            
            
            NVD: CVE-2018-0034

SOURCES
db:VULHUBid:VHN-118236
db:JVNDBid:JVNDB-2018-007990
db:CNNVDid:CNNVD-201807-1083
db:NVDid:CVE-2018-0034

LAST UPDATE DATE
2024-11-23T22:48:41.326000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-118236date:2019-10-09T00:00:00
db:JVNDBid:JVNDB-2018-007990date:2018-10-04T00:00:00
db:CNNVDid:CNNVD-201807-1083date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0034date:2024-11-21T03:37:24.100

SOURCES RELEASE DATE
db:VULHUBid:VHN-118236date:2018-07-11T00:00:00
db:JVNDBid:JVNDB-2018-007990date:2018-10-04T00:00:00
db:CNNVDid:CNNVD-201807-1083date:2018-07-12T00:00:00
db:NVDid:CVE-2018-0034date:2018-07-11T18:29:00.607