Vulnerability identifier: #VU15305
Vulnerability risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID: CWE-399
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Juniper Junos OS (Operating systems & Components / Operating system)
Juniper Junos Space (Server applications / Remote management servers, RDP, SSH)
Vendor: Juniper Networks, Inc.
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability is caused by improper resource management when processing MPLS packets. A remote attacker can repeatedly send specially crafted MPLS packets to the affected device and cause the routing protocol daemon (RPD) process to crash and restart.
The vulnerability affects IPv4 and IPv6.
Mitigation
The vulnerability has been fixed in versions 12.1X46-D77, 12.3R12-S10, 12.3X48-D75, 14.1X53-D130, 14.1X53-D47, 15.1F6-S10, 15.1R4-S9, 15.1R7, 15.1X49-D140, 15.1X53-D233, 15.1X53-D471, 15.1X53-D490, 15.1X53-D59, 15.1X53-D67, 16.1R3-S8, 16.1R4-S8, 16.1R5-S4, 16.1R6-S4, 16.1R7, 16.1X65-D48, 16.2R1-S6, 16.2R2-S6, 16.2R3, 17.1R1-S7, 17.1R2-S6, 17.1R3, 17.2R1-S6, 17.2R2-S3, 17.2R3, 17.2X75-D100, 17.2X75-D42, 17.2X75-D91, 17.3R1-S4, 17.3R2-S2, 17.3R3, 17.4R1-S3, 17.4R2, 18.1R1, 18.2R1, 18.2X75-D5 and all subsequent releases.
Vulnerable software versions
Juniper Junos OS: 12.1x46 - 12.1X46-D67, 12.3R12 - 12.3R12-S9, 12.3X48-D10 - 12.3X48-D70, 14.1X53-D15 - 14.1X53-D121, 15.1F6 - 15.1F6-S9, 15.1X49-D10 - 15.1X49-D131, 16.1R3-S1 - 16.1X70-D10, 16.2R2 - 16.2R2-S5, 17.1R1 - 17.1R2-S2, 17.2X75 - 17.2X75-D90, 17.3R1 - 17.3R2, 17.4R1 - 17.4R1-S2, 18.1, 18.2
Juniper Junos Space: 12.3X48-D20 - 14.1X53-D122
External links
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10877&cat=SIRT_1&actp=LIST
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.