CVE-2018-0007 — Command Injection in Juniper Junos
Severity
9.8 CRITICAL (NVD)
EPSS
0.4%
top 37.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jan 10
Latest update: May 13
Description
An unauthenticated network-based attacker able to send a maliciously crafted LLDP packet to the local segment, through a local segment broadcast, may be able to cause a Junos device to enter an improper boundary check condition allowing a memory corruption to occur, leading to a denial of service. Further crafted packets may be able to sustain the denial of service condition. Score: 6.5 MEDIUM (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) Further, if the attacker is authenticated on the target …
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9
Affected Packages: 2 packages
🔴 Vulnerability Details
GHSA (1)
GHSA-5cv8-wvw6-mf2f: An unauthenticated network-based attacker able to send a maliciously crafted LLDP packet to the local segment, through a local segment broadcast, may (2022-05-13)
📋 Vendor Advisories
Juniper (1)
CVE-2018-0007: An unauthenticated network-based attacker able to send a maliciously crafted LLDP packet to the local segment, through a local segment broadcast, may (2018-01-10)
💬 Community
Bugzilla (1)
CVE-2018-1133 CVE-2018-1134 CVE-2018-1135 CVE-2018-1136 CVE-2018-1137 moodle: Six security issues fixed in the latest release (2018-05-25)