CVE-2018-0034 — Improper Input Validation in Networks Junos OS

CWE-20 — Improper Input Validation3 documents3 sources

Severity

5.9MEDIUMNVD

EPSS

0.6%

top 30.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Junos Juniper EX Series +3 more

Timeline

PublishedJul 11

Latest updateMay 13

Description

A Denial of Service vulnerability exists in the Juniper Networks Junos OS JDHCPD daemon which allows an attacker to core the JDHCPD daemon by sending a crafted IPv6 packet to the system. This issue is limited to systems which receives IPv6 DHCP packets on a system configured for DHCP processing using the JDHCPD daemon. This issue does not affect IPv4 DHCP packet processing. Affected releases are Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S10 on EX Series; 12.3X48 versions prior to…

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages6 packages

▶CVEListV5juniper_networks/junos_os12.3X48 — 12.3X48-D70+14

▶juniperjuniper/ex_series

▶juniperjuniper/qfx_series

▶juniperjuniper/srx_series

▶NVDjuniper/junos12 versions+11

🔴Vulnerability Details

GHSA

GHSA-h2mh-64w5-3rxc: A Denial of Service vulnerability exists in the Juniper Networks Junos OS JDHCPD daemon which allows an attacker to core the JDHCPD daemon by sending↗2022-05-13

▶

📋Vendor Advisories

Juniper

CVE-2018-0034: A Denial of Service vulnerability exists in the Juniper Networks Junos OS JDHCPD daemon which allows an attacker to core the JDHCPD daemon by sending↗2018-07-11

▶