#VU15305 Resource management error in Juniper Junos OS and Juniper Junos Space - CVE-2018-0043
Published: October 10, 2018 / Updated: October 11, 2018
Vulnerability identifier: #VU15305
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-0043
CWE-ID: CWE-399
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Juniper Junos OS
Juniper Junos Space
Juniper Junos OS
Juniper Junos Space
Software vendor:
Juniper Networks, Inc.
Juniper Networks, Inc.
Description
The vulnerability allows a remote attacker to perform denial of service (DoS) attack.
The vulnerability is caused by improper resources management when processing MPLS packets. A remote attacker can repeatedly send specially crafted MPLS packets to the affected device and cause the routing protocol daemon (RPD) process to crash and restart.
The vulnerability affects IPv4 and IPv6.
Remediation
The vulnerability has been fixed in the versions 12.1X46-D77, 12.3R12-S10, 12.3X48-D75, 14.1X53-D130, 14.1X53-D47, 15.1F6-S10, 15.1R4-S9, 15.1R7, 15.1X49-D140, 15.1X53-D233, 15.1X53-D471, 15.1X53-D490, 15.1X53-D59, 15.1X53-D67, 16.1R3-S8, 16.1R4-S8, 16.1R5-S4, 16.1R6-S4, 16.1R7, 16.1X65-D48, 16.2R1-S6, 16.2R2-S6, 16.2R3, 17.1R1-S7, 17.1R2-S6, 17.1R3, 17.2R1-S6, 17.2R2-S3, 17.2R3, 17.2X75-D100, 17.2X75-D42, 17.2X75-D91, 17.3R1-S4, 17.3R2-S2, 17.3R3, 17.4R1-S3, 17.4R2, 18.1R1, 18.2R1, 18.2X75-D5 and all subsequent releases.