CVE-2018-0027 — Improper Input Validation in Networks Junos OS

CWE-20 — Improper Input Validation4 documents4 sources

Severity

5.9MEDIUMNVD

EPSS

0.9%

top 24.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Junos Juniper Junos OS

Timeline

PublishedJul 11

Latest updateMay 13

Description

Receipt of a crafted or malformed RSVP PATH message may cause the routing protocol daemon (RPD) to hang or crash. When RPD is unavailable, routing updates cannot be processed which can lead to an extended network outage. If RSVP is not enabled on an interface, then the issue cannot be triggered via that interface. This issue only affects Juniper Networks Junos OS 16.1 versions prior to 16.1R3. This issue does not affect Junos releases prior to 16.1R1.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5juniper_networks/junos_os16.1 — 16.1R3

▶NVDjuniper/junos16.1

▶juniperjuniper/junos_os

🔴Vulnerability Details

GHSA

GHSA-mg8q-9fc7-9gjp: Receipt of a crafted or malformed RSVP PATH message may cause the routing protocol daemon (RPD) to hang or crash↗2022-05-13

▶

📋Vendor Advisories

VMware

VMware ESXi, Workstation, and Fusion updates address uninitialized stack memory usage↗2018-11-09

▶

Juniper

CVE-2018-0027: Receipt of a crafted or malformed RSVP PATH message may cause the routing protocol daemon (RPD) to hang or crash. When RPD is unavailable, routing upd↗2018-07-11

▶