Sign-up

ID

VAR-201810-0080


CVE

CVE-2018-0058


TITLE

Juniper Networks Junos OS Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-013646

DESCRIPTION

Receipt of a specially crafted IPv6 exception packet may be able to trigger a kernel crash (vmcore), causing the device to reboot. The issue is specific to the processing of Broadband Edge (BBE) client route processing on MX Series subscriber management platforms, introduced by the Tomcat (Next Generation Subscriber Management) functionality in Junos OS 15.1. This issue affects no other platforms or configurations. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S2, 15.1R8 on MX Series; 16.1 versions prior to 16.1R4-S11, 16.1R7-S2, 16.1R8 on MX Series; 16.2 versions prior to 16.2R3 on MX Series; 17.1 versions prior to 17.1R2-S9, 17.1R3 on MX Series; 17.2 versions prior to 17.2R2-S6, 17.2R3 on MX Series; 17.3 versions prior to 17.3R2-S4, 17.3R3-S2, 17.3R4 on MX Series; 17.4 versions prior to 17.4R2 on MX Series; 18.1 versions prior to 18.1R2-S3, 18.1R3 on MX Series; 18.2 versions prior to 18.2R1-S1, 18.2R2 on MX Series. Juniper Networks Junos OS Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Juniper Junos OS is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware systems. The operating system provides a secure programming interface and Junos SDK. The following versions based on MX Series platforms are affected: Juniper Junos OS Release 15.1, Release 16.1, Release 16.2, Release 17.1, Release 17.2, Release 17.3, Release 17.4, Release 18.1, Release 18.2

Trust: 1.71

sources: NVD: CVE-2018-0058 // JVNDB: JVNDB-2018-013646 // VULHUB: VHN-118260

AFFECTED PRODUCTS

vendor:junipermodel:junosscope:eqversion:17.3

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:18.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:17.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:17.4

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:15.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:18.2

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:16.2

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:16.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:17.2

Trust: 1.0

vendor:junipermodel:junos osscope:eqversion:16.1r4-s12

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:16.1r6-s6

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:17.3r2-s4

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:16.2r2-s7

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:18.1

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:17.3

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:15.1r7-s1

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:17.1r2-s9

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:16.2

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:17.4

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:18.1r2

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:17.2

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:16.1

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:17.2r2-s6

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:17.3r3-s1

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:17.1

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:17.2r1-s7

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:15.1

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:17.4r1-s5

Trust: 0.8

sources: JVNDB: JVNDB-2018-013646 // NVD: CVE-2018-0058

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0058
value: HIGH

Trust: 1.0

sirt@juniper.net: CVE-2018-0058
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-0058
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201810-526
value: HIGH

Trust: 0.6

VULHUB: VHN-118260
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-0058
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118260
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0058
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sirt@juniper.net: CVE-2018-0058
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-118260 // JVNDB: JVNDB-2018-013646 // CNNVD: CNNVD-201810-526 // NVD: CVE-2018-0058 // NVD: CVE-2018-0058

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-118260 // JVNDB: JVNDB-2018-013646 // NVD: CVE-2018-0058

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201810-526

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201810-526

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-013646

PATCH
title:KB31899url:https://kb.juniper.net/KB31899
Trust: 0.8
title:JSA10893url:https://kb.juniper.net/JSA10893
Trust: 0.8
title:Juniper Junos OS Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86112
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-013646 // 
            
            
            
            CNNVD: CNNVD-201810-526

EXTERNAL IDS
db:NVDid:CVE-2018-0058
Trust: 2.5
db:JUNIPERid:JSA10893
Trust: 1.7
db:JVNDBid:JVNDB-2018-013646
Trust: 0.8
db:CNNVDid:CNNVD-201810-526
Trust: 0.7
db:VULHUBid:VHN-118260
Trust: 0.1
sources:
            
            
            VULHUB: VHN-118260 // 
            
            
            
            JVNDB: JVNDB-2018-013646 // 
            
            
            
            CNNVD: CNNVD-201810-526 // 
            
            
            
            NVD: CVE-2018-0058

REFERENCES
url:https://kb.juniper.net/jsa10893
Trust: 1.7
url:https://kb.juniper.net/kb31899
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0058
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0058
Trust: 0.8
sources:
            
            
            VULHUB: VHN-118260 // 
            
            
            
            JVNDB: JVNDB-2018-013646 // 
            
            
            
            CNNVD: CNNVD-201810-526 // 
            
            
            
            NVD: CVE-2018-0058

SOURCES
db:VULHUBid:VHN-118260
db:JVNDBid:JVNDB-2018-013646
db:CNNVDid:CNNVD-201810-526
db:NVDid:CVE-2018-0058

LAST UPDATE DATE
2024-08-14T15:28:48.144000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-118260date:2019-10-09T00:00:00
db:JVNDBid:JVNDB-2018-013646date:2019-02-27T00:00:00
db:CNNVDid:CNNVD-201810-526date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0058date:2019-10-09T23:31:09.770

SOURCES RELEASE DATE
db:VULHUBid:VHN-118260date:2018-10-10T00:00:00
db:JVNDBid:JVNDB-2018-013646date:2019-02-27T00:00:00
db:CNNVDid:CNNVD-201810-526date:2018-10-11T00:00:00
db:NVDid:CVE-2018-0058date:2018-10-10T18:29:03.077