Resource exhaustion in Juniper Junos OS - CVE-2018-0006
Published: January 15, 2018 / Updated: January 23, 2018
Vulnerability identifier: #VU10151
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-0006
CWE-ID: CWE-400
Exploitation vector: Adjacent network
Exploit availability:
No public exploit available
Vendor: Juniper Networks, Inc.
Affected software:
Juniper Junos OS
Detailed vulnerability description
The vulnerability allows an adjacent attacker to cause a DoS condition on the target system.
The weakness exists due to insufficient validation of user-supplied input. An adjacent attacker can send VLAN authentication attempts via the local broadcast domain to consume excessive memory in the target BBE subscriber management daemon (bbe-smgd) and cause a denial of service condition.
How to mitigate CVE-2018-0006
The vulnerability is addressed in the following versions: 15.1R6-S2, 15.1R7, 16.1R5-S1, 16.1R6, 16.2R2-S2, 16.2R3, 17.1R2-S5, 17.1R3, 17.2R2, 17.3R1, 17.4R1.