CVE-2018-0027

EPSS 1.03%
Published 11.07.2018 18:29:00
Last modified 21.11.2024 03:37:23
Source sirt@juniper.net
Teams watchlist Login
Open Login

Receipt of a crafted or malformed RSVP PATH message may cause the routing protocol daemon (RPD) to hang or crash. When RPD is unavailable, routing updates cannot be processed which can lead to an extended network outage. If RSVP is not enabled on an interface, then the issue cannot be triggered via that interface. This issue only affects Juniper Networks Junos OS 16.1 versions prior to 16.1R3. This issue does not affect Junos releases prior to 16.1R1.

Affected products Warnungen 0 Metrics 4 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Juniper ≫ Junos Version16.1 Updater1

Juniper ≫ Junos Version16.1 Updater2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.03%	0.764

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.9	2.2	3.6	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P
sirt@juniper.net	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.securityfocus.com/bid/104721

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1041318

Third Party Advisory

VDB Entry

https://kb.juniper.net/JSA10861

Vendor Advisory

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2018-0027

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-0027

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-0027

EUVD