CVE-2018-0043 — Improper Input Validation in Networks Junos OS

CWE-20 — Improper Input Validation3 documents3 sources

Severity

8.8HIGHNVD

EPSS

0.7%

top 28.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Junos Juniper EX Series +3 more

Timeline

PublishedOct 10

Latest updateMay 13

Description

Receipt of a specific MPLS packet may cause the routing protocol daemon (RPD) process to crash and restart or may lead to remote code execution. By continuously sending specific MPLS packets, an attacker can repeatedly crash the RPD process causing a sustained Denial of Service. This issue affects both IPv4 and IPv6. This issue can only be exploited from within the MPLS domain. End-users connected to the CE device cannot cause this crash. Affected releases are Juniper Networks Junos OS: 12.1X46 …

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages6 packages

▶juniperjuniper/ex_series

▶juniperjuniper/qfx_series

▶juniperjuniper/srx_series

▶CVEListV5juniper_networks/junos_os12.1X46 — 12.1X46-D77+19

▶NVDjuniper/junos14 versions+13

🔴Vulnerability Details

GHSA

GHSA-3g6v-2x3m-6vc6: Receipt of a specific MPLS packet may cause the routing protocol daemon (RPD) process to crash and restart or may lead to remote code execution↗2022-05-13

▶

📋Vendor Advisories

Juniper

CVE-2018-0043: Receipt of a specific MPLS packet may cause the routing protocol daemon (RPD) process to crash and restart or may lead to remote code execution. By co↗2018-10-10

▶