CVE-2018-0016Networks Junos OS vulnerability

6 documents5 sources
Severity
7.5HIGHNVD
EPSS
11.2%
top 6.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Juniper Networks Junos OSJuniper JunosJuniper Junos OS
Timeline
PublishedApr 11
Latest updateMay 13

Description

Receipt of a specially crafted Connectionless Network Protocol (CLNP) datagram destined to an interface of a Junos OS device may result in a kernel crash or lead to remote code execution. Devices are only vulnerable to the specially crafted CLNP datagram if 'clns-routing' or ES-IS is explicitly configured. Devices with without CLNS enabled are not vulnerable to this issue. Devices with IS-IS configured on the interface are not vulnerable to this issue unless CLNS routing is also enabled. This is

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages3 packages

CVEListV5juniper_networks/junos_os15.115.1F5-S3, 15.1F6-S8, 15.1F7, 15.1R5+2
NVDjuniper/junos9 versions+8

🔴Vulnerability Details

1
GHSA
GHSA-mgmx-337f-xc42: Receipt of a specially crafted Connectionless Network Protocol (CLNP) datagram destined to an interface of a Junos OS device may result in a kernel cr2022-05-13

💥Exploits & PoCs

2
Exploit-DB
Microsoft Edge Chakra JIT - Parameter Scope Parsing Type Confusion2018-08-17
Exploit-DB
Microsoft Edge Chakra JIT - Type Confusion with Hoisted SetConcatStrMultiItemBE Instructions2018-07-12

📋Vendor Advisories

2
VMware
VMware ESXi, Workstation, and Fusion updates address multiple out-of-bounds read vulnerabilities2018-06-28
Juniper
CVE-2018-0016: Receipt of a specially crafted Connectionless Network Protocol (CLNP) datagram destined to an interface of a Junos OS device may result in a kernel cr2018-04-11
CVE-2018-0016 — Juniper Networks Junos OS vulnerability | cvebase