Sign-up

ID

VAR-201810-0077


CVE

CVE-2018-0055


TITLE

Juniper Networks Junos OS Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-013648

DESCRIPTION

Receipt of a specially crafted DHCPv6 message destined to a Junos OS device configured as a DHCP server in a Broadband Edge (BBE) environment may result in a jdhcpd daemon crash. The daemon automatically restarts without intervention, but a continuous receipt of crafted DHCPv6 packets could leaded to an extended denial of service condition. This issue only affects Junos OS 15.1 and later. Earlier releases are unaffected by this issue. Devices are only vulnerable to the specially crafted DHCPv6 message if DHCP services are configured. Devices not configured to act as a DHCP server are not vulnerable to this issue. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S2; 15.1X49 versions prior to 15.1X49-D160; 15.1X53 versions prior to 15.1X53-D235, 15.1X53-D495; 16.1 versions prior to 16.1R4-S11, 16.1R6-S6, 16.1R7-S2; 16.2 versions prior to 16.2R2-S7; 17.1 versions prior to 17.1R2-S9; 17.2 versions prior to 17.2R2-S6; 17.3 versions prior to 17.3R3-S1; 17.4 versions prior to 17.4R1-S5; 18.1 versions prior to 18.1R2-S3; 18.2 versions prior to 18.2R1-S2; 18.2X75 versions prior to 18.2X75-D20. Juniper Networks Junos OS Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Juniper Junos is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition, effectively denying service to legitimate users. Juniper Junos OS is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware systems. The operating system provides a secure programming interface and Junos SDK. A denial of service vulnerability exists in Juniper Junos OS. The following releases are affected: Juniper Junos OS Release 15.1, Release 15.1X49, Release 15.1X53, Release 16.1, Release 16.2, Release 17.1, Release 17.2, Release 17.3, Release 17.4, Release 18.1, Release 18.2, Release 18.2X75

Trust: 1.98

sources: NVD: CVE-2018-0055 // JVNDB: JVNDB-2018-013648 // BID: 108486 // VULHUB: VHN-118257

AFFECTED PRODUCTS

vendor:junipermodel:junosscope:eqversion:18.2x75

Trust: 1.3

vendor:junipermodel:junosscope:eqversion:18.2

Trust: 1.3

vendor:junipermodel:junosscope:eqversion:17.4

Trust: 1.3

vendor:junipermodel:junosscope:eqversion:17.3

Trust: 1.3

vendor:junipermodel:junosscope:eqversion:17.2

Trust: 1.3

vendor:junipermodel:junosscope:eqversion:17.1

Trust: 1.3

vendor:junipermodel:junosscope:eqversion:16.2

Trust: 1.3

vendor:junipermodel:junosscope:eqversion:16.1

Trust: 1.3

vendor:junipermodel:junosscope:eqversion:15.1x53

Trust: 1.3

vendor:junipermodel:junosscope:eqversion:15.1x49

Trust: 1.3

vendor:junipermodel:junosscope:eqversion:15.1

Trust: 1.3

vendor:junipermodel:junos osscope:eqversion:16.1r6-s6

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:16.2r2-s7

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:15.1x53-d495

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:18.2

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:18.1

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:17.3

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:18.2r1-s2

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:15.1x49-d160

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:15.1x53-d235

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:16.1r7-s2

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:17.1r2-s9

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:16.2

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:17.4

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:18.1r2-s3

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:17.2

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:15.1r7-s2

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:18.2x75

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:16.1

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:17.2r2-s6

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:17.3r3-s1

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:18.2x75-d20

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:17.1

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:15.1x49

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:15.1x53

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:16.1r4-s11

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:15.1

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:17.4r1-s5

Trust: 0.8

vendor:junipermodel:junos 18.2x75-d10scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 18.1r2-s2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 18.1r2-s1scope: - version: -

Trust: 0.3

vendor:junipermodel:junosscope:eqversion:18.1

Trust: 0.3

vendor:junipermodel:junos 17.4r1-s4scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.4r1-s1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.2r2-s3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.2r2-s1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.1r2-s7scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.1r2-s6scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.1r2-s5scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.1r2-s4scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.1r2-s3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.1r2-s2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.2r2-s6scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.2r2-s5scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.2r2-s2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.1r7-s1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.1r6-s3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.1r4-s9scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.1r4-s8scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.1r4-s6scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.1r4-s4scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.1r4-s3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.1r4-s1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d70scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d69scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d68scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d67scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d66scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d65scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d64scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d63scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d62scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d60scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d59scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d58scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d57scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d55scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d50scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d49scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d48scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d471scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d470scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d47scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d40scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d35scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d33scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d31scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d30scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d236scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d234scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d233scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d232scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d231scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d230scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d20scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d105scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d90scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d80scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d70scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d60scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d40scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d35scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d30scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d20scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d150scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d15scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d140scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d131scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d130scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d120scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d110scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d101scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d100scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d10scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1r7-s1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 18.2x75-d20scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 18.2r1-s2scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 18.1r2-s3scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 17.4r1-s5scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 17.3r3-s1scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 17.2r2-s6scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 17.1r2-s9scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 16.2r2-s7scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 16.1r7-s2scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 16.1r6-s6scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 16.1r4-s11scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d495scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d235scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d160scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 15.1r7-s2scope:neversion: -

Trust: 0.3

sources: BID: 108486 // JVNDB: JVNDB-2018-013648 // NVD: CVE-2018-0055

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0055
value: MEDIUM

Trust: 1.0

sirt@juniper.net: CVE-2018-0055
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-0055
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201810-523
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118257
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2018-0055
severity: LOW
baseScore: 2.9
vectorString: AV:A/AC:M/AU:N/C:N/I:N/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 5.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118257
severity: LOW
baseScore: 2.9
vectorString: AV:A/AC:M/AU:N/C:N/I:N/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 5.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0055
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 3.6
version: 3.0

Trust: 1.8

sirt@juniper.net: CVE-2018-0055
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-118257 // JVNDB: JVNDB-2018-013648 // CNNVD: CNNVD-201810-523 // NVD: CVE-2018-0055 // NVD: CVE-2018-0055

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-118257 // JVNDB: JVNDB-2018-013648 // NVD: CVE-2018-0055

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201810-523

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201810-523

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-013648

PATCH
title:JSA10889url:https://kb.juniper.net/JSA10889
Trust: 0.8
title:Juniper Junos OS Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86109
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-013648 // 
            
            
            
            CNNVD: CNNVD-201810-523

EXTERNAL IDS
db:NVDid:CVE-2018-0055
Trust: 2.8
db:JUNIPERid:JSA10889
Trust: 2.0
db:SECTRACKid:1041856
Trust: 1.7
db:JVNDBid:JVNDB-2018-013648
Trust: 0.8
db:CNNVDid:CNNVD-201810-523
Trust: 0.7
db:BIDid:108486
Trust: 0.3
db:VULHUBid:VHN-118257
Trust: 0.1
sources:
            
            
            VULHUB: VHN-118257 // 
            
            
            
            BID: 108486 // 
            
            
            
            JVNDB: JVNDB-2018-013648 // 
            
            
            
            CNNVD: CNNVD-201810-523 // 
            
            
            
            NVD: CVE-2018-0055

REFERENCES
url:https://kb.juniper.net/jsa10889
Trust: 1.7
url:http://www.securitytracker.com/id/1041856
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0055
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0055
Trust: 0.8
url:http://www.juniper.net/
Trust: 0.3
url:http://www.juniper.net/us/en/products-services/nos/junos/
Trust: 0.3
url:https://kb.juniper.net/infocenter/index?page=content&id=jsa10889&actp=metadata
Trust: 0.3
sources:
            
            
            VULHUB: VHN-118257 // 
            
            
            
            BID: 108486 // 
            
            
            
            JVNDB: JVNDB-2018-013648 // 
            
            
            
            CNNVD: CNNVD-201810-523 // 
            
            
            
            NVD: CVE-2018-0055

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 108486

SOURCES
db:VULHUBid:VHN-118257
db:BIDid:108486
db:JVNDBid:JVNDB-2018-013648
db:CNNVDid:CNNVD-201810-523
db:NVDid:CVE-2018-0055

LAST UPDATE DATE
2024-11-23T22:26:12.691000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-118257date:2019-10-09T00:00:00
db:BIDid:108486date:2018-10-10T00:00:00
db:JVNDBid:JVNDB-2018-013648date:2019-02-27T00:00:00
db:CNNVDid:CNNVD-201810-523date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0055date:2024-11-21T03:37:28.463

SOURCES RELEASE DATE
db:VULHUBid:VHN-118257date:2018-10-10T00:00:00
db:BIDid:108486date:2018-10-10T00:00:00
db:JVNDBid:JVNDB-2018-013648date:2019-02-27T00:00:00
db:CNNVDid:CNNVD-201810-523date:2018-10-11T00:00:00
db:NVDid:CVE-2018-0055date:2018-10-10T18:29:02.750