CVE-2018-0032
Junos OS: RPD crash when receiving a crafted BGP UPDATE
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The receipt of a crafted BGP UPDATE can lead to a routing process daemon (RPD) crash and restart. Repeated receipt of the same crafted BGP UPDATE can result in an extended denial of service condition for the device. This issue only affects the specific versions of Junos OS listed within this advisory. Earlier releases are unaffected by this vulnerability. This crafted BGP UPDATE does not propagate to other BGP peers. Affected releases are Juniper Networks Junos OS: 16.1X65 versions prior to 16.1X65-D47; 17.2X75 versions prior to 17.2X75-D91, 17.2X75-D110; 17.3 versions prior to 17.3R1-S4, 17.3R2; 17.4 versions prior to 17.4R1-S3, 17.4R2.
La recepción de un BGP UPDATE manipulado puede conducir al cierre inesperado y reinicio de un demonio de proceso de enrutamiento (RPD). La recepción repetida del mismo BGP UPDATE manipulado puede resultar en una condición de denegación de servicio (DoS) extendida para los dispositivos. Este problema solo afecta a las versiones específicas de Junos OS listadas en este advisory. Las versiones anteriores no se han visto afectadas por esta vulnerabilidad. Este BGP UPDATE manipulado no se propaga a otros peers BGP. Las versiones afectadas son Juniper Networks Junos OS: 16.1X65 en versiones anteriores a 16.1X65-D47; 17.2X75 en versiones anteriores a 17.2X75-D91, 17.2X75-D110; 17.3 en versiones anteriores a 17.3R1-S4, 17.3R2; 17.4 en versiones anteriores a 17.4R1-S3 y 17.4R2.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-11-16 CVE Reserved
- 2018-07-11 CVE Published
- 2024-05-20 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.securitytracker.com/id/1041337 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://kb.juniper.net/JSA10866 | 2019-10-09 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 16.1x65 Search vendor "Juniper" for product "Junos" and version "16.1x65" | - |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 16.1x65 Search vendor "Juniper" for product "Junos" and version "16.1x65" | d30 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 16.1x65 Search vendor "Juniper" for product "Junos" and version "16.1x65" | d35 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 16.1x65 Search vendor "Juniper" for product "Junos" and version "16.1x65" | d40 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 17.2x75 Search vendor "Juniper" for product "Junos" and version "17.2x75" | - |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 17.3 Search vendor "Juniper" for product "Junos" and version "17.3" | - |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 17.3 Search vendor "Juniper" for product "Junos" and version "17.3" | r1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 17.4 Search vendor "Juniper" for product "Junos" and version "17.4" | - |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 17.4 Search vendor "Juniper" for product "Junos" and version "17.4" | r1 |
Affected
| ||||||