CVE-2018-0019 — Improper Input Validation in Networks Junos OS

CWE-20 — Improper Input Validation6 documents4 sources

Severity

5.9MEDIUMNVD

EPSS

0.3%

top 43.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Junos Juniper Junos OS

Timeline

PublishedApr 11

Latest updateMay 13

Description

A vulnerability in Junos OS SNMP MIB-II subagent daemon (mib2d) may allow a remote network based attacker to cause the mib2d process to crash resulting in a denial of service condition (DoS) for the SNMP subsystem. While a mib2d process crash can disrupt the network monitoring via SNMP, it does not impact routing, switching or firewall functionalities. SNMP is disabled by default on devices running Junos OS. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D76; …

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5juniper_networks/junos_os12.1X46 — 12.1X46-D76+12

▶NVDjuniper/junos15 versions+14

▶juniperjuniper/junos_os

Patches

Patch: kb.juniper.net ↗Patch: kb.juniper.net ↗

🔴Vulnerability Details

GHSA

GHSA-c6q9-4465-fh9v: A vulnerability in Junos OS SNMP MIB-II subagent daemon (mib2d) may allow a remote network based attacker to cause the mib2d process to crash resultin↗2022-05-13

▶

📋Vendor Advisories

Juniper

CVE-2018-0019: A vulnerability in Junos OS SNMP MIB-II subagent daemon (mib2d) may allow a remote network based attacker to cause the mib2d process to crash resultin↗2018-04-11

▶

💬Community

Bugzilla

CVE-2018-14631 moodle: boost theme - blog search GET parameter insufficiently filtered (MSA-18-0019)↗2018-09-17

▶

Bugzilla

CVE-2018-14631 moodle: boost theme - blog search GET parameter insufficiently filtered (MSA-18-0019) [fedora-all]↗2018-09-17

▶