CVE-2018-0058

MX Series: In BBE configurations, receipt of a crafted IPv6 exception packet causes a Denial of Service

Severity Score

7.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Receipt of a specially crafted IPv6 exception packet may be able to trigger a kernel crash (vmcore), causing the device to reboot. The issue is specific to the processing of Broadband Edge (BBE) client route processing on MX Series subscriber management platforms, introduced by the Tomcat (Next Generation Subscriber Management) functionality in Junos OS 15.1. This issue affects no other platforms or configurations. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S2, 15.1R8 on MX Series; 16.1 versions prior to 16.1R4-S11, 16.1R7-S2, 16.1R8 on MX Series; 16.2 versions prior to 16.2R3 on MX Series; 17.1 versions prior to 17.1R2-S9, 17.1R3 on MX Series; 17.2 versions prior to 17.2R2-S6, 17.2R3 on MX Series; 17.3 versions prior to 17.3R2-S4, 17.3R3-S2, 17.3R4 on MX Series; 17.4 versions prior to 17.4R2 on MX Series; 18.1 versions prior to 18.1R2-S3, 18.1R3 on MX Series; 18.2 versions prior to 18.2R1-S1, 18.2R2 on MX Series.

La recepción de un paquete de excepción IPv6 especialmente manipulado podría desencadenar un cierre inesperado del kernel (vmcore), provocando que el dispositivo se reinicie. El problema es específico al procesamiento de rutas de cliente BBE (Broadband Edge) en las plataformas de gestión de suscriptores de MX Series, introducida por la funcionalidad de Tomcat (Next Generation Subscriber Management) en Junos OS 15.1. El problema no afecta a otras plataformas o configuraciones. Las versiones afectadas de Juniper Networks Junos OS son: 15.1 en versiones anteriores a la 15.1R7-S2, 15.1R8 en MX Series; 16.1 en versiones anteriores a la 16.1R4-S11, 16.1R7-S2, 16.1R8 en MX Series; 16.2 en versiones anteriores a la 16.2R3 en MX Series; 17.1 en versiones anteriores a la 17.1R2-S9, 17.1R3 en MX Series; 17.2 en versiones anteriores a la 17.2R2-S6, 17.2R3 en MX Series; 17.3 en versiones anteriores a la 17.3R2-S4, 17.3R3-S2, 17.3R4 en MX Series; 17.4 en versiones anteriores a la 17.4R2 en MX Series; 18.1 en versiones anteriores a la 18.1R2-S3, 18.1R3 en MX Series; 18.2 en versiones anteriores a la 18.2R1-S1 y 18.2R2 en MX Series.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2017-11-16 CVE Reserved
2018-10-10 CVE Published
2024-08-19 EPSS Updated
2024-09-17 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation

CAPEC

References (2)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://kb.juniper.net/JSA10893	2019-10-09
https://kb.juniper.net/KB31899	2019-10-09

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Juniper Search vendor "Juniper"		Junos Search vendor "Juniper" for product "Junos"				15.1 Search vendor "Juniper" for product "Junos" and version "15.1"		-		Affected
Juniper Search vendor "Juniper"		Junos Search vendor "Juniper" for product "Junos"				15.1 Search vendor "Juniper" for product "Junos" and version "15.1"		f2		Affected
Juniper Search vendor "Juniper"		Junos Search vendor "Juniper" for product "Junos"				15.1 Search vendor "Juniper" for product "Junos" and version "15.1"		f3		Affected
Juniper Search vendor "Juniper"		Junos Search vendor "Juniper" for product "Junos"				15.1 Search vendor "Juniper" for product "Junos" and version "15.1"		f4		Affected
Juniper Search vendor "Juniper"		Junos Search vendor "Juniper" for product "Junos"				15.1 Search vendor "Juniper" for product "Junos" and version "15.1"		f5		Affected
Juniper Search vendor "Juniper"		Junos Search vendor "Juniper" for product "Junos"				15.1 Search vendor "Juniper" for product "Junos" and version "15.1"		f6		Affected
Juniper Search vendor "Juniper"		Junos Search vendor "Juniper" for product "Junos"				15.1 Search vendor "Juniper" for product "Junos" and version "15.1"		f7		Affected
Juniper Search vendor "Juniper"		Junos Search vendor "Juniper" for product "Junos"				15.1 Search vendor "Juniper" for product "Junos" and version "15.1"		r1		Affected
Juniper Search vendor "Juniper"		Junos Search vendor "Juniper" for product "Junos"				15.1 Search vendor "Juniper" for product "Junos" and version "15.1"		r2		Affected
Juniper Search vendor "Juniper"		Junos Search vendor "Juniper" for product "Junos"				15.1 Search vendor "Juniper" for product "Junos" and version "15.1"		r3		Affected
Juniper Search vendor "Juniper"		Junos Search vendor "Juniper" for product "Junos"				15.1 Search vendor "Juniper" for product "Junos" and version "15.1"		r4		Affected
Juniper Search vendor "Juniper"		Junos Search vendor "Juniper" for product "Junos"				15.1 Search vendor "Juniper" for product "Junos" and version "15.1"		r5		Affected
Juniper Search vendor "Juniper"		Junos Search vendor "Juniper" for product "Junos"				15.1 Search vendor "Juniper" for product "Junos" and version "15.1"		r6		Affected
Juniper Search vendor "Juniper"		Junos Search vendor "Juniper" for product "Junos"				16.1 Search vendor "Juniper" for product "Junos" and version "16.1"		-		Affected
Juniper Search vendor "Juniper"		Junos Search vendor "Juniper" for product "Junos"				16.1 Search vendor "Juniper" for product "Junos" and version "16.1"		r1		Affected
Juniper Search vendor "Juniper"		Junos Search vendor "Juniper" for product "Junos"				16.1 Search vendor "Juniper" for product "Junos" and version "16.1"		r2		Affected
Juniper Search vendor "Juniper"		Junos Search vendor "Juniper" for product "Junos"				16.1 Search vendor "Juniper" for product "Junos" and version "16.1"		r3		Affected
Juniper Search vendor "Juniper"		Junos Search vendor "Juniper" for product "Junos"				16.1 Search vendor "Juniper" for product "Junos" and version "16.1"		r5		Affected
Juniper Search vendor "Juniper"		Junos Search vendor "Juniper" for product "Junos"				16.1 Search vendor "Juniper" for product "Junos" and version "16.1"		r6		Affected
Juniper Search vendor "Juniper"		Junos Search vendor "Juniper" for product "Junos"				16.2 Search vendor "Juniper" for product "Junos" and version "16.2"		-		Affected
Juniper Search vendor "Juniper"		Junos Search vendor "Juniper" for product "Junos"				16.2 Search vendor "Juniper" for product "Junos" and version "16.2"		r1		Affected
Juniper Search vendor "Juniper"		Junos Search vendor "Juniper" for product "Junos"				16.2 Search vendor "Juniper" for product "Junos" and version "16.2"		r2		Affected
Juniper Search vendor "Juniper"		Junos Search vendor "Juniper" for product "Junos"				17.1 Search vendor "Juniper" for product "Junos" and version "17.1"		-		Affected
Juniper Search vendor "Juniper"		Junos Search vendor "Juniper" for product "Junos"				17.1 Search vendor "Juniper" for product "Junos" and version "17.1"		r1		Affected
Juniper Search vendor "Juniper"		Junos Search vendor "Juniper" for product "Junos"				17.2 Search vendor "Juniper" for product "Junos" and version "17.2"		-		Affected
Juniper Search vendor "Juniper"		Junos Search vendor "Juniper" for product "Junos"				17.2 Search vendor "Juniper" for product "Junos" and version "17.2"		r1		Affected
Juniper Search vendor "Juniper"		Junos Search vendor "Juniper" for product "Junos"				17.3 Search vendor "Juniper" for product "Junos" and version "17.3"		-		Affected
Juniper Search vendor "Juniper"		Junos Search vendor "Juniper" for product "Junos"				17.3 Search vendor "Juniper" for product "Junos" and version "17.3"		r1		Affected
Juniper Search vendor "Juniper"		Junos Search vendor "Juniper" for product "Junos"				17.4 Search vendor "Juniper" for product "Junos" and version "17.4"		-		Affected
Juniper Search vendor "Juniper"		Junos Search vendor "Juniper" for product "Junos"				17.4 Search vendor "Juniper" for product "Junos" and version "17.4"		r1		Affected
Juniper Search vendor "Juniper"		Junos Search vendor "Juniper" for product "Junos"				18.1 Search vendor "Juniper" for product "Junos" and version "18.1"		-		Affected
Juniper Search vendor "Juniper"		Junos Search vendor "Juniper" for product "Junos"				18.1 Search vendor "Juniper" for product "Junos" and version "18.1"		r1		Affected
Juniper Search vendor "Juniper"		Junos Search vendor "Juniper" for product "Junos"				18.2 Search vendor "Juniper" for product "Junos" and version "18.2"		-		Affected