Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2018-0043 |
CWE-ID | CWE-399 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
Juniper Junos OS Operating systems & Components / Operating system Juniper Junos Space Server applications / Remote management servers, RDP, SSH |
Vendor | Juniper Networks, Inc. |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU15305
Risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-0043
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform denial of service (DoS) attack.
The vulnerability is caused by improper resources management when processing MPLS packets. A remote attacker can repeatedly send specially crafted MPLS packets to the affected device and cause the routing protocol daemon (RPD) process to crash and restart.
The vulnerability affects IPv4 and IPv6.
MitigationThe vulnerability has been fixed in the versions 12.1X46-D77, 12.3R12-S10, 12.3X48-D75, 14.1X53-D130, 14.1X53-D47, 15.1F6-S10, 15.1R4-S9, 15.1R7, 15.1X49-D140, 15.1X53-D233, 15.1X53-D471, 15.1X53-D490, 15.1X53-D59, 15.1X53-D67, 16.1R3-S8, 16.1R4-S8, 16.1R5-S4, 16.1R6-S4, 16.1R7, 16.1X65-D48, 16.2R1-S6, 16.2R2-S6, 16.2R3, 17.1R1-S7, 17.1R2-S6, 17.1R3, 17.2R1-S6, 17.2R2-S3, 17.2R3, 17.2X75-D100, 17.2X75-D42, 17.2X75-D91, 17.3R1-S4, 17.3R2-S2, 17.3R3, 17.4R1-S3, 17.4R2, 18.1R1, 18.2R1, 18.2X75-D5 and all subsequent releases.
Vulnerable software versionsJuniper Junos OS: 12.1x46 - 18.2
Juniper Junos Space: 12.3X48-D20 - 14.1X53-D122
External linkshttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10877&cat=SIRT_1&actp=LIST
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.