Sign-up

ID

VAR-201810-0078


CVE

CVE-2018-0056


TITLE

Juniper Networks Junos OS Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-013647

DESCRIPTION

If a duplicate MAC address is learned by two different interfaces on an MX Series device, the MAC address learning function correctly flaps between the interfaces. However, the Layer 2 Address Learning Daemon (L2ALD) daemon might crash when attempting to delete the duplicate MAC address when the particular entry is not found in the internal MAC address table. This issue only occurs on MX Series devices with l2-backhaul VPN configured. No other products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S1 on MX Series; 16.1 versions prior to 16.1R4-S12, 16.1R6-S6 on MX Series; 16.2 versions prior to 16.2R2-S7 on MX Series; 17.1 versions prior to 17.1R2-S9 on MX Series; 17.2 versions prior to 17.2R1-S7, 17.2R2-S6 on MX Series; 17.3 versions prior to 17.3R2-S4, 17.3R3-S1 on MX Series; 17.4 versions prior to 17.4R1-S5 on MX Series; 18.1 versions prior to 18.1R2 on MX Series. Juniper Networks Junos OS Contains an input validation vulnerability.Denial of service (DoS) May be in a state. Juniper Junos is prone to a denial-of-service vulnerability. An attacker may exploit this issue to cause denial-of-service conditions. The operating system provides a secure programming interface and Junos SDK. The following versions based on MX Series platforms are affected: Juniper Junos OS Release 15.1, Release 16.1, Release 16.2, Release 17.1, Release 17.2, Release 17.3, Release 17.4, Release 18.1

Trust: 1.98

sources: NVD: CVE-2018-0056 // JVNDB: JVNDB-2018-013647 // BID: 106673 // VULHUB: VHN-118258

AFFECTED PRODUCTS

vendor:junipermodel:junosscope:eqversion:17.4

Trust: 1.3

vendor:junipermodel:junosscope:eqversion:17.3

Trust: 1.3

vendor:junipermodel:junosscope:eqversion:17.2

Trust: 1.3

vendor:junipermodel:junosscope:eqversion:17.1

Trust: 1.3

vendor:junipermodel:junosscope:eqversion:16.2

Trust: 1.3

vendor:junipermodel:junosscope:eqversion:16.1

Trust: 1.3

vendor:junipermodel:junosscope:eqversion:15.1

Trust: 1.3

vendor:junipermodel:junosscope:eqversion:18.1

Trust: 1.0

vendor:junipermodel:junos osscope:eqversion:17.2r1-s7

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:17.1

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:17.4r1-s5

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:15.1

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:16.1r4-s12

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:16.1r6-s6

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:17.3r2-s4

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:16.2r2-s7

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:15.1r7-s1

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:17.1r2-s9

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:18.1

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:17.3

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:18.1r2

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:16.2

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:17.4

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:17.2

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:17.2r2-s6

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:17.3r3-s1

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:16.1

Trust: 0.8

vendor:junipermodel:junos 18.1r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.4r1-s4scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.4r1-s1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.3r2-s1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.2r2-s3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.2r2-s1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.2r1-s5scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.2r1-s3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.2r1-s1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.1r2-s6scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.1r2-s5scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.1r2-s4scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.1r2-s3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.1r2-s2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.2r2-s6scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.2r2-s5scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.2r2-s2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.1r6-s3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.1r4-s9scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.1r4-s8scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.1r4-s6scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.1r4-s4scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.1r4-s3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.1r4-s1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 18.1r2scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 17.4r1-s5scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 17.3r3-s1scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 17.3r2-s4scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 17.2r2-s6scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 17.2r1-s7scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 17.1r2-s9scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 16.2r2-s7scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 16.1r6-s6scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 16.1r4-s12scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 15.1r7-s1scope:neversion: -

Trust: 0.3

sources: BID: 106673 // JVNDB: JVNDB-2018-013647 // NVD: CVE-2018-0056

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0056
value: MEDIUM

Trust: 1.0

sirt@juniper.net: CVE-2018-0056
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-0056
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201810-524
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118258
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2018-0056
severity: LOW
baseScore: 2.9
vectorString: AV:A/AC:M/AU:N/C:N/I:N/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 5.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118258
severity: LOW
baseScore: 2.9
vectorString: AV:A/AC:M/AU:N/C:N/I:N/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 5.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0056
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 3.6
version: 3.0

Trust: 1.8

sirt@juniper.net: CVE-2018-0056
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-118258 // JVNDB: JVNDB-2018-013647 // CNNVD: CNNVD-201810-524 // NVD: CVE-2018-0056 // NVD: CVE-2018-0056

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-118258 // JVNDB: JVNDB-2018-013647 // NVD: CVE-2018-0056

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201810-524

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201810-524

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-013647

PATCH
title:JSA10890url:https://kb.juniper.net/JSA10890
Trust: 0.8
title:Juniper Junos OS Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86110
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-013647 // 
            
            
            
            CNNVD: CNNVD-201810-524

EXTERNAL IDS
db:NVDid:CVE-2018-0056
Trust: 2.8
db:JUNIPERid:JSA10890
Trust: 2.0
db:SECTRACKid:1041857
Trust: 1.7
db:JVNDBid:JVNDB-2018-013647
Trust: 0.8
db:CNNVDid:CNNVD-201810-524
Trust: 0.7
db:BIDid:106673
Trust: 0.3
db:VULHUBid:VHN-118258
Trust: 0.1
sources:
            
            
            VULHUB: VHN-118258 // 
            
            
            
            BID: 106673 // 
            
            
            
            JVNDB: JVNDB-2018-013647 // 
            
            
            
            CNNVD: CNNVD-201810-524 // 
            
            
            
            NVD: CVE-2018-0056

REFERENCES
url:https://kb.juniper.net/jsa10890
Trust: 1.7
url:http://www.securitytracker.com/id/1041857
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0056
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0056
Trust: 0.8
url:http://www.juniper.net/
Trust: 0.3
url:http://www.juniper.net/us/en/products-services/nos/junos/
Trust: 0.3
url:https://kb.juniper.net/infocenter/index?page=content&id=jsa10890&actp=metadata
Trust: 0.3
sources:
            
            
            VULHUB: VHN-118258 // 
            
            
            
            BID: 106673 // 
            
            
            
            JVNDB: JVNDB-2018-013647 // 
            
            
            
            CNNVD: CNNVD-201810-524 // 
            
            
            
            NVD: CVE-2018-0056

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 106673

SOURCES
db:VULHUBid:VHN-118258
db:BIDid:106673
db:JVNDBid:JVNDB-2018-013647
db:CNNVDid:CNNVD-201810-524
db:NVDid:CVE-2018-0056

LAST UPDATE DATE
2024-08-14T15:13:00.757000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-118258date:2019-10-09T00:00:00
db:BIDid:106673date:2018-10-10T00:00:00
db:JVNDBid:JVNDB-2018-013647date:2019-02-27T00:00:00
db:CNNVDid:CNNVD-201810-524date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0056date:2019-10-09T23:31:09.363

SOURCES RELEASE DATE
db:VULHUBid:VHN-118258date:2018-10-10T00:00:00
db:BIDid:106673date:2018-10-10T00:00:00
db:JVNDBid:JVNDB-2018-013647date:2019-02-27T00:00:00
db:CNNVDid:CNNVD-201810-524date:2018-10-11T00:00:00
db:NVDid:CVE-2018-0056date:2018-10-10T18:29:02.873