CVE-2018-0058

EPSS 0.36%
Veröffentlicht 10.10.2018 18:29:03
Zuletzt bearbeitet 21.11.2024 03:37:28
Quelle sirt@juniper.net
CVE-Watchlists
Login
Unerledigt
Login

Receipt of a specially crafted IPv6 exception packet may be able to trigger a kernel crash (vmcore), causing the device to reboot. The issue is specific to the processing of Broadband Edge (BBE) client route processing on MX Series subscriber management platforms, introduced by the Tomcat (Next Generation Subscriber Management) functionality in Junos OS 15.1. This issue affects no other platforms or configurations. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S2, 15.1R8 on MX Series; 16.1 versions prior to 16.1R4-S11, 16.1R7-S2, 16.1R8 on MX Series; 16.2 versions prior to 16.2R3 on MX Series; 17.1 versions prior to 17.1R2-S9, 17.1R3 on MX Series; 17.2 versions prior to 17.2R2-S6, 17.2R3 on MX Series; 17.3 versions prior to 17.3R2-S4, 17.3R3-S2, 17.3R4 on MX Series; 17.4 versions prior to 17.4R2 on MX Series; 18.1 versions prior to 18.1R2-S3, 18.1R3 on MX Series; 18.2 versions prior to 18.2R1-S1, 18.2R2 on MX Series.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Juniper ≫ Junos Version15.1

Juniper ≫ Junos Version15.1 Updatef2

Juniper ≫ Junos Version15.1 Updatef3

Juniper ≫ Junos Version15.1 Updatef4

Juniper ≫ Junos Version15.1 Updatef5

Juniper ≫ Junos Version15.1 Updatef6

Juniper ≫ Junos Version15.1 Updatef7

Juniper ≫ Junos Version15.1 Updater1

Juniper ≫ Junos Version15.1 Updater2

Juniper ≫ Junos Version15.1 Updater3

Juniper ≫ Junos Version15.1 Updater4

Juniper ≫ Junos Version15.1 Updater5

Juniper ≫ Junos Version15.1 Updater6

Juniper ≫ Junos Version16.1

Juniper ≫ Junos Version16.1 Updater1

Juniper ≫ Junos Version16.1 Updater2

Juniper ≫ Junos Version16.1 Updater3

Juniper ≫ Junos Version16.1 Updater5

Juniper ≫ Junos Version16.1 Updater6

Juniper ≫ Junos Version16.2

Juniper ≫ Junos Version16.2 Updater1

Juniper ≫ Junos Version16.2 Updater2

Juniper ≫ Junos Version17.1

Juniper ≫ Junos Version17.1 Updater1

Juniper ≫ Junos Version17.2

Juniper ≫ Junos Version17.2 Updater1

Juniper ≫ Junos Version17.3

Juniper ≫ Junos Version17.3 Updater1

Juniper ≫ Junos Version17.4

Juniper ≫ Junos Version17.4 Updater1

Juniper ≫ Junos Version18.1

Juniper ≫ Junos Version18.1 Updater1

Juniper ≫ Junos Version18.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.36%	0.577

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	7.8	10	6.9	AV:N/AC:L/Au:N/C:N/I:N/A:C
sirt@juniper.net	5.9	2.2	3.6	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://kb.juniper.net/JSA10893

Vendor Advisory

https://kb.juniper.net/KB31899

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-0058

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-0058

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-0058

EUVD