Sign-up

ID

VAR-201810-0082


CVE

CVE-2018-0060


TITLE

Juniper Networks Junos OS Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-013695

DESCRIPTION

An improper input validation weakness in the device control daemon process (dcd) of Juniper Networks Junos OS allows an attacker to cause a Denial of Service to the dcd process and interfaces and connected clients when the Junos device is requesting an IP address for itself. Junos devices are not vulnerable to this issue when not configured to use DHCP. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D40 on SRX Series; 12.3X48 versions prior to 12.3X48-D20 on SRX Series; 14.1X53 versions prior to 14.1X53-D40 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100; 15.1X49 versions prior to 15.1X49-D20 on SRX Series; 15.1X53 versions prior to 15.1X53-D68 on QFX10000 Series; 15.1X53 versions prior to 15.1X53-D235 on QFX5200/QFX5110; 15.1X53 versions prior to 15.1X53-D495 on NFX150, NFX250; 15.1X53 versions prior to 15.1X53-D590 on EX2300/EX3400; 15.1 versions prior to 15.1R7-S2. Juniper Networks Junos OS Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Juniper Junos is prone to a denial-of-service vulnerability. An attacker may exploit this issue to cause denial-of-service conditions. Juniper Junos OS is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware systems. The operating system provides a secure programming interface and Junos SDK

Trust: 1.98

sources: NVD: CVE-2018-0060 // JVNDB: JVNDB-2018-013695 // BID: 105766 // VULHUB: VHN-118262

AFFECTED PRODUCTS

vendor:junipermodel:junosscope:eqversion:15.1x53

Trust: 1.3

vendor:junipermodel:junosscope:eqversion:15.1x49

Trust: 1.3

vendor:junipermodel:junosscope:eqversion:15.1

Trust: 1.3

vendor:junipermodel:junosscope:eqversion:12.1x46

Trust: 1.3

vendor:junipermodel:junosscope:eqversion:12.3x48

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:14.1x53

Trust: 1.0

vendor:junipermodel:junos osscope: - version: -

Trust: 0.8

vendor:junipermodel:junos 17.4r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d58scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d57scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d140scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d131scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d130scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d120scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d110scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d100scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1r6scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1r5scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1r4scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1r3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1r2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d75scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d70scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d66scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d60scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d55scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d51scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d50scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d45scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d40scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d35scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d30scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d25scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d15scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d10scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3r12-s7scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3r12-s5scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3r12-s4scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3r12-s2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3r12-s10scope: - version: -

Trust: 0.3

vendor:junipermodel:junosscope:eqversion:12.3

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d77scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d76scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d72scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d71scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d67scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d66scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d65scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d60scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d55scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d51scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d50scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d46scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d45scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d37scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d36scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d35scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d30scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d26scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d25scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d20scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d15scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d10scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.1r1scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d68scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d495scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d40scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d235scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d20scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 15.1r7-s2scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d40scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d20scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d40scope:neversion: -

Trust: 0.3

sources: BID: 105766 // JVNDB: JVNDB-2018-013695 // NVD: CVE-2018-0060

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0060
value: MEDIUM

Trust: 1.0

sirt@juniper.net: CVE-2018-0060
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-0060
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201810-528
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118262
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0060
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118262
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0060
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.0

Trust: 1.8

sirt@juniper.net: CVE-2018-0060
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-118262 // JVNDB: JVNDB-2018-013695 // CNNVD: CNNVD-201810-528 // NVD: CVE-2018-0060 // NVD: CVE-2018-0060

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-118262 // JVNDB: JVNDB-2018-013695 // NVD: CVE-2018-0060

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201810-528

TYPE

Input Validation Error

Trust: 0.9

sources: BID: 105766 // CNNVD: CNNVD-201810-528

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-013695

PATCH
title:JSA10895url:https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10895&actp=METADATA
Trust: 0.8
title:Juniper Junos OS Enter the fix for the verification vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86114
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-013695 // 
            
            
            
            CNNVD: CNNVD-201810-528

EXTERNAL IDS
db:NVDid:CVE-2018-0060
Trust: 2.8
db:JUNIPERid:JSA10895
Trust: 2.0
db:SECTRACKid:1041858
Trust: 1.7
db:JVNDBid:JVNDB-2018-013695
Trust: 0.8
db:CNNVDid:CNNVD-201810-528
Trust: 0.7
db:BIDid:105766
Trust: 0.3
db:VULHUBid:VHN-118262
Trust: 0.1
sources:
            
            
            VULHUB: VHN-118262 // 
            
            
            
            BID: 105766 // 
            
            
            
            JVNDB: JVNDB-2018-013695 // 
            
            
            
            CNNVD: CNNVD-201810-528 // 
            
            
            
            NVD: CVE-2018-0060

REFERENCES
url:https://kb.juniper.net/jsa10895
Trust: 1.7
url:http://www.securitytracker.com/id/1041858
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0060
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0060
Trust: 0.8
url:http://www.juniper.net/
Trust: 0.3
url:http://www.juniper.net/us/en/products-services/nos/junos/
Trust: 0.3
url:https://kb.juniper.net/infocenter/index?page=content&id=jsa10895&cat=sirt_1&actp=list
Trust: 0.3
sources:
            
            
            VULHUB: VHN-118262 // 
            
            
            
            BID: 105766 // 
            
            
            
            JVNDB: JVNDB-2018-013695 // 
            
            
            
            CNNVD: CNNVD-201810-528 // 
            
            
            
            NVD: CVE-2018-0060

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 105766

SOURCES
db:VULHUBid:VHN-118262
db:BIDid:105766
db:JVNDBid:JVNDB-2018-013695
db:CNNVDid:CNNVD-201810-528
db:NVDid:CVE-2018-0060

LAST UPDATE DATE
2024-11-23T22:55:43.740000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-118262date:2019-10-09T00:00:00
db:BIDid:105766date:2018-10-10T00:00:00
db:JVNDBid:JVNDB-2018-013695date:2019-02-28T00:00:00
db:CNNVDid:CNNVD-201810-528date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0060date:2024-11-21T03:37:29.120

SOURCES RELEASE DATE
db:VULHUBid:VHN-118262date:2018-10-10T00:00:00
db:BIDid:105766date:2018-10-10T00:00:00
db:JVNDBid:JVNDB-2018-013695date:2019-02-28T00:00:00
db:CNNVDid:CNNVD-201810-528date:2018-10-11T00:00:00
db:NVDid:CVE-2018-0060date:2018-10-10T18:29:03.373