ID

VAR-201810-0072


CVE

CVE-2018-0050


TITLE

Juniper Networks Junos OS Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-013608

DESCRIPTION

An error handling vulnerability in Routing Protocols Daemon (RPD) of Juniper Networks Junos OS allows an attacker to cause RPD to crash. Continued receipt of this malformed MPLS RSVP packet will cause a sustained Denial of Service condition. Affected releases are Juniper Networks Junos OS: 14.1 versions prior to 14.1R8-S5, 14.1R9; 14.1X53 versions prior to 14.1X53-D48 on QFX Switching; 14.2 versions prior to 14.1X53-D130 on QFabric System; 14.2 versions prior to 14.2R4. This issue does not affect versions of Junos OS before 14.1R1. Junos OS RSVP only supports IPv4. IPv6 is not affected by this issue. This issue require it to be received on an interface configured to receive this type of traffic. Juniper Networks Junos OS Contains an input validation vulnerability.Denial of service (DoS) May be in a state. Juniper Junos is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause the RPD to crash, effectively denying service to legitimate users. The operating system provides a secure programming interface and Junos SDK

Trust: 1.98

sources: NVD: CVE-2018-0050 // JVNDB: JVNDB-2018-013608 // BID: 106206 // VULHUB: VHN-118252

AFFECTED PRODUCTS

vendor:junipermodel:junosscope:eqversion:14.1x53

Trust: 1.9

vendor:junipermodel:junosscope:eqversion:14.2

Trust: 1.6

vendor:junipermodel:junosscope:eqversion:14.1

Trust: 1.3

vendor:junipermodel:junos osscope:ltversion:14.2

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:14.1r8-s5

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:14.2r4

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:14.1x53

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:14.1x53-d130 (qfabric system)

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:14.1

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:14.1r9

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:14.1x53-d48 (qfx switching)

Trust: 0.8

vendor:junipermodel:junos 14.2r3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.2r2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.2r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d50scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d47scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d45scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d44scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d42scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d40scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d35scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d34scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d30scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d28scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d26scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d25scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d20scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d18scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d16scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d122scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d12scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d107scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d10scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1r7scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1r6scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1r5scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1r4scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1r3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1r2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.2r4scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d48scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d130scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 14.1r9scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 14.1r8-s5scope:neversion: -

Trust: 0.3

sources: BID: 106206 // JVNDB: JVNDB-2018-013608 // CNNVD: CNNVD-201810-518 // NVD: CVE-2018-0050

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0050
value: MEDIUM

Trust: 1.0

sirt@juniper.net: CVE-2018-0050
value: HIGH

Trust: 1.0

NVD: CVE-2018-0050
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201810-518
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118252
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0050
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118252
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0050
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.0

Trust: 1.8

sirt@juniper.net: CVE-2018-0050
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-118252 // JVNDB: JVNDB-2018-013608 // CNNVD: CNNVD-201810-518 // NVD: CVE-2018-0050 // NVD: CVE-2018-0050

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-118252 // JVNDB: JVNDB-2018-013608 // NVD: CVE-2018-0050

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201810-518

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201810-518

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013608

PATCH

title:JSA10884url:https://kb.juniper.net/JSA10884

Trust: 0.8

title:Juniper Junos OS Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86104

Trust: 0.6

sources: JVNDB: JVNDB-2018-013608 // CNNVD: CNNVD-201810-518

EXTERNAL IDS

db:NVDid:CVE-2018-0050

Trust: 2.8

db:JUNIPERid:JSA10884

Trust: 2.0

db:BIDid:106206

Trust: 2.0

db:SECTRACKid:1041851

Trust: 1.7

db:JVNDBid:JVNDB-2018-013608

Trust: 0.8

db:CNNVDid:CNNVD-201810-518

Trust: 0.7

db:VULHUBid:VHN-118252

Trust: 0.1

sources: VULHUB: VHN-118252 // BID: 106206 // JVNDB: JVNDB-2018-013608 // CNNVD: CNNVD-201810-518 // NVD: CVE-2018-0050

REFERENCES

url:http://www.securityfocus.com/bid/106206

Trust: 1.7

url:https://kb.juniper.net/jsa10884

Trust: 1.7

url:http://www.securitytracker.com/id/1041851

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0050

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-0050

Trust: 0.8

url:http://www.juniper.net/

Trust: 0.3

url:http://www.juniper.net/us/en/products-services/nos/junos/

Trust: 0.3

url:https://kb.juniper.net/infocenter/index?page=content&id=jsa10884

Trust: 0.3

sources: VULHUB: VHN-118252 // BID: 106206 // JVNDB: JVNDB-2018-013608 // CNNVD: CNNVD-201810-518 // NVD: CVE-2018-0050

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 106206

SOURCES

db:VULHUBid:VHN-118252
db:BIDid:106206
db:JVNDBid:JVNDB-2018-013608
db:CNNVDid:CNNVD-201810-518
db:NVDid:CVE-2018-0050

LAST UPDATE DATE

2024-08-14T13:46:13.180000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-118252date:2019-10-09T00:00:00
db:BIDid:106206date:2018-12-10T00:00:00
db:JVNDBid:JVNDB-2018-013608date:2019-02-26T00:00:00
db:CNNVDid:CNNVD-201810-518date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0050date:2019-10-09T23:31:07.550

SOURCES RELEASE DATE

db:VULHUBid:VHN-118252date:2018-10-10T00:00:00
db:BIDid:106206date:2018-12-10T00:00:00
db:JVNDBid:JVNDB-2018-013608date:2019-02-26T00:00:00
db:CNNVDid:CNNVD-201810-518date:2018-10-11T00:00:00
db:NVDid:CVE-2018-0050date:2018-10-10T18:29:02.203