ID

VAR-201810-0076


CVE

CVE-2018-0054


TITLE

Resource exhaustion vulnerability in QFX5000 Series and EX4600 switches

Trust: 0.8

sources: JVNDB: JVNDB-2018-013852

DESCRIPTION

On QFX5000 Series and EX4600 switches, a high rate of Ethernet pause frames or an ARP packet storm received on the management interface (fxp0) can cause egress interface congestion, resulting in drops of routing protocol packets, such as BGP, and leading to peering flaps. The following log message may also be displayed:

fpc0 dcbcm_check_stuck_buffers: Buffers are stuck on queue 7 of port 45

This issue only affects the QFX5000 Series products (QFX5100, QFX5110, QFX5200, QFX5210) and the EX4600 switch. No other platforms are affected by this issue.

Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D47 on QFX5000 Series and EX4600; 15.1 versions prior to 15.1R7, 15.1R8 on QFX5000 Series and EX4600; 15.1X53 versions prior to 15.1X53-D233 on QFX5000 Series and EX4600; 16.1 versions prior to 16.1R7 on QFX5000 Series and EX4600; 16.2 versions prior to 16.2R3 on QFX5000 Series and EX4600; 17.1 versions prior to 17.1R2-S9, 17.1R3 on QFX5000 Series and EX4600; 17.2 versions prior to 17.2R2-S6, 17.2R3 on QFX5000 Series and EX4600; 17.2X75 versions prior to 17.2X75-D42 on QFX5000 Series and EX4600; 17.3 versions prior to 17.3R3 on QFX5000 Series and EX4600; 17.4 versions prior to 17.4R2 on QFX5000 Series and EX4600; 18.1 versions prior to 18.1R2 on QFX5000 Series and EX4600.

QFX5000 Series and EX4600 switches are vulnerable to resource exhaustion. Service operation may be interrupted (DoS).

Juniper Junos OS is a network operating system from Juniper Networks dedicated to the company's hardware systems. The operating system provides a secure programming interface and the Junos SDK. A denial of service vulnerability exists in Juniper Junos OS. The following versions on the QFX5000 series and EX4600 series platforms are affected: Juniper Junos OS Release 14.1X53, Release 15.1, Release 15.1X53, Release 16.1, Release 16.2, Release 17.1, Release 17.2, Release 17.2X75, Release 17.3, Release 17.4, Release 18.1.

Trust: 1.71

sources: NVD: CVE-2018-0054 // JVNDB: JVNDB-2018-013852 // VULHUB: VHN-118256

AFFECTED PRODUCTS

vendor: juniper, model: junos, scope: eq, version: 15.1x53

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 17.3

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 17.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 17.4

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 18.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 15.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 14.1x53

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 16.2

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 16.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 17.2x75

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 17.2

Trust: 1.0

vendor: juniper, model: junos os, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2018-013852 // NVD: CVE-2018-0054

CVSS

SEVERITY

nvd@nist.gov: CVE-2018-0054
value: MEDIUM

Trust: 1.0

sirt@juniper.net: CVE-2018-0054
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-0054
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201810-522
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118256
value: LOW

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2018-0054
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118256
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2018-0054
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 2.8

sources: VULHUB: VHN-118256 // JVNDB: JVNDB-2018-013852 // CNNVD: CNNVD-201810-522 // NVD: CVE-2018-0054 // NVD: CVE-2018-0054

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.9

sources: VULHUB: VHN-118256 // JVNDB: JVNDB-2018-013852 // NVD: CVE-2018-0054

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201810-522

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201810-522

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013852

PATCH

title: JSA10888, url: https://kb.juniper.net/JSA10888

Trust: 0.8

title: Juniper Junos OS Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86108

Trust: 0.6

sources: JVNDB: JVNDB-2018-013852 // CNNVD: CNNVD-201810-522

EXTERNAL IDS

db: NVD, id: CVE-2018-0054

Trust: 2.5

db: JUNIPER, id: JSA10888

Trust: 1.7

db: SECTRACK, id: 1041855

Trust: 1.7

db: JVNDB, id: JVNDB-2018-013852

Trust: 0.8

db: CNNVD, id: CNNVD-201810-522

Trust: 0.7

db: VULHUB, id: VHN-118256

Trust: 0.1

sources: VULHUB: VHN-118256 // JVNDB: JVNDB-2018-013852 // CNNVD: CNNVD-201810-522 // NVD: CVE-2018-0054

REFERENCES

url:https://kb.juniper.net/jsa10888

Trust: 1.7

url:http://www.securitytracker.com/id/1041855

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0054

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-0054

Trust: 0.8

sources: VULHUB: VHN-118256 // JVNDB: JVNDB-2018-013852 // CNNVD: CNNVD-201810-522 // NVD: CVE-2018-0054

SOURCES

db: VULHUB, id: VHN-118256
db: JVNDB, id: JVNDB-2018-013852
db: CNNVD, id: CNNVD-201810-522
db: NVD, id: CVE-2018-0054

LAST UPDATE DATE

2024-08-14T15:23:17.763000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-118256, date: 2019-10-09T00:00:00
db: JVNDB, id: JVNDB-2018-013852, date: 2019-03-04T00:00:00
db: CNNVD, id: CNNVD-201810-522, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2018-0054, date: 2019-10-09T23:31:08.690

SOURCES RELEASE DATE

db: VULHUB, id: VHN-118256, date: 2018-10-10T00:00:00
db: JVNDB, id: JVNDB-2018-013852, date: 2019-03-04T00:00:00
db: CNNVD, id: CNNVD-201810-522, date: 2018-10-11T00:00:00
db: NVD, id: CVE-2018-0054, date: 2018-10-10T18:29:02.623