CVE-2018-0020Improper Input Validation in Networks Junos OS

CWE-20Improper Input Validation6 documents5 sources
Severity
7.5HIGHNVD
EPSS
0.4%
top 42.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Juniper Networks Junos OSJuniper JunosJuniper Junos OS+2 more
Timeline
PublishedApr 11
Latest updateMay 13

Description

Junos OS may be impacted by the receipt of a malformed BGP UPDATE which can lead to a routing process daemon (rpd) crash and restart. Receipt of a repeated malformed BGP UPDATEs can result in an extended denial of service condition for the device. This malformed BGP UPDATE does not propagate to other BGP peers. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D47; 15.1 versions prior to 15.1F6-S10, 15.1R4-S9, 15.1R6-S6, 15.1R7; 15.1X49 versions prior to 15.1X49-

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages5 packages

CVEListV5juniper_networks/junos_os14.1X5314.1X53-D47+13
NVDjuniper/junos10 versions+9

🔴Vulnerability Details

1
GHSA
GHSA-qpj7-vvfc-pgpq: Junos OS may be impacted by the receipt of a malformed BGP UPDATE which can lead to a routing process daemon (rpd) crash and restart2022-05-13

📋Vendor Advisories

2
VMware
VMware ESXi, Workstation, and Fusion patches provide Hypervisor-Specific Mitigations for Denial-of-Service and Speculative-Execution Vulnerabilities (CVE-2018-12207, CVE-2019-11135)2019-11-12
Juniper
CVE-2018-0020: Junos OS may be impacted by the receipt of a malformed BGP UPDATE which can lead to a routing process daemon (rpd) crash and restart. Receipt of a rep2018-04-11

🕵️Threat Intelligence

2
Tenable
Critical Vulnerability Fixes Available For Juniper Devices2019-01-10
Tenable
Critical Vulnerability Fixes Available For Juniper Devices2019-01-10
CVE-2018-0020 — Improper Input Validation | cvebase