7.5

CVE-2018-0050

An error handling vulnerability in Routing Protocols Daemon (RPD) of Juniper Networks Junos OS allows an attacker to cause RPD to crash. Continued receipt of this malformed MPLS RSVP packet will cause a sustained Denial of Service condition. Affected releases are Juniper Networks Junos OS: 14.1 versions prior to 14.1R8-S5, 14.1R9; 14.1X53 versions prior to 14.1X53-D48 on QFX Switching; 14.2 versions prior to 14.1X53-D130 on QFabric System; 14.2 versions prior to 14.2R4. This issue does not affect versions of Junos OS before 14.1R1. Junos OS RSVP only supports IPv4. IPv6 is not affected by this issue. This issue require it to be received on an interface configured to receive this type of traffic.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
JuniperJunos Version14.1
JuniperJunos Version14.1 Updater1
JuniperJunos Version14.1 Updater2
JuniperJunos Version14.1 Updater3
JuniperJunos Version14.1 Updater4
JuniperJunos Version14.1 Updater5
JuniperJunos Version14.1 Updater6
JuniperJunos Version14.1 Updater7
JuniperJunos Version14.1 Updater9
JuniperJunos Version14.1x53
JuniperJunos Version14.1x53 Updated10
JuniperJunos Version14.1x53 Updated121
JuniperJunos Version14.1x53 Updated15
JuniperJunos Version14.1x53 Updated16
JuniperJunos Version14.1x53 Updated25
JuniperJunos Version14.1x53 Updated26
JuniperJunos Version14.1x53 Updated27
JuniperJunos Version14.1x53 Updated30
JuniperJunos Version14.1x53 Updated35
JuniperJunos Version14.1x53 Updated40
JuniperJunos Version14.1x53 Updated42
JuniperJunos Version14.1x53 Updated43
JuniperJunos Version14.1x53 Updated44
JuniperJunos Version14.1x53 Updated45
JuniperJunos Version14.1x53 Updated46
JuniperJunos Version14.1x53 Updated47
JuniperJunos Version14.1x53
JuniperJunos Version14.1x53 Updated10
JuniperJunos Version14.1x53 Updated121
JuniperJunos Version14.1x53 Updated15
JuniperJunos Version14.1x53 Updated16
JuniperJunos Version14.1x53 Updated25
JuniperJunos Version14.1x53 Updated26
JuniperJunos Version14.1x53 Updated27
JuniperJunos Version14.1x53 Updated30
JuniperJunos Version14.1x53 Updated35
JuniperJunos Version14.1x53 Updated40
JuniperJunos Version14.1x53 Updated42
JuniperJunos Version14.1x53 Updated43
JuniperJunos Version14.1x53 Updated44
JuniperJunos Version14.1x53 Updated45
JuniperJunos Version14.1x53 Updated46
JuniperJunos Version14.1x53 Updated47
JuniperJunos Version14.1x53 Updated48
JuniperJunos Version14.2
JuniperJunos Version14.2
JuniperJunos Version14.2 Updater1
JuniperJunos Version14.2 Updater2
JuniperJunos Version14.2 Updater3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.52% 0.661
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.9 2.2 3.6
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
sirt@juniper.net 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.securitytracker.com/id/1041851
Third Party Advisory
VDB Entry
https://kb.juniper.net/JSA10884
Vendor Advisory
Mitigation