Resource management error in Juniper Junos OS

1) Resource management error

EUVDB-ID: #VU15305

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-0043

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform denial of service (DoS) attack.

The vulnerability is caused by improper resources management when processing MPLS packets. A remote attacker can repeatedly send specially crafted MPLS packets to the affected device and cause the routing protocol daemon (RPD) process to crash and restart.  

The vulnerability affects IPv4 and IPv6.

Mitigation

The vulnerability has been fixed in the versions 12.1X46-D77, 12.3R12-S10, 12.3X48-D75, 14.1X53-D130, 14.1X53-D47, 15.1F6-S10, 15.1R4-S9, 15.1R7, 15.1X49-D140, 15.1X53-D233, 15.1X53-D471, 15.1X53-D490, 15.1X53-D59, 15.1X53-D67, 16.1R3-S8, 16.1R4-S8, 16.1R5-S4, 16.1R6-S4, 16.1R7, 16.1X65-D48, 16.2R1-S6, 16.2R2-S6, 16.2R3, 17.1R1-S7, 17.1R2-S6, 17.1R3, 17.2R1-S6, 17.2R2-S3, 17.2R3, 17.2X75-D100, 17.2X75-D42, 17.2X75-D91, 17.3R1-S4, 17.3R2-S2, 17.3R3, 17.4R1-S3, 17.4R2, 18.1R1, 18.2R1, 18.2X75-D5 and all subsequent releases.

Vulnerable software versions

Juniper Junos OS: 12.1x46 - 18.2

Juniper Junos Space: 12.3X48-D20 - 14.1X53-D122

External links

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10877&cat=SIRT_1&actp=LIST

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.