CVE-2018-0037 — Improper Input Validation in Networks Junos OS

CWE-20 — Improper Input Validation4 documents4 sources

Severity

9.8CRITICALNVD

EPSS

1.7%

top 17.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Junos Juniper Junos OS

Timeline

PublishedJul 11

Latest updateMay 13

Description

Junos OS routing protocol daemon (RPD) process may crash and restart or may lead to remote code execution while processing specific BGP NOTIFICATION messages. By continuously sending crafted BGP NOTIFICATION messages, an attacker can repeatedly crash the RPD process causing a sustained Denial of Service. Due to design improvements, this issue does not affect Junos OS 16.1R1, and all subsequent releases. This issue only affects the receiving BGP device and is non-transitive in nature. Affected re…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5juniper_networks/junos_os15.1F5-S7 — 15.1F5*+3

▶NVDjuniper/junos15.1

▶juniperjuniper/junos_os

🔴Vulnerability Details

GHSA

GHSA-g6hq-jqj4-2fv5: Junos OS routing protocol daemon (RPD) process may crash and restart or may lead to remote code execution while processing specific BGP NOTIFICATION m↗2022-05-13

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Edge Chakra JIT - Parameter Scope Parsing Type Confusion↗2018-08-17

▶

📋Vendor Advisories

Juniper

CVE-2018-0037: Junos OS routing protocol daemon (RPD) process may crash and restart or may lead to remote code execution while processing specific BGP NOTIFICATION m↗2018-07-11

▶