CVE-2018-0049 — NULL Pointer Dereference in Networks Junos OS

CWE-476 — NULL Pointer Dereference4 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.8%

top 25.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Junos Juniper Junos OS +2 more

Timeline

PublishedOct 10

Latest updateMay 13

Description

A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS allows an attacker to cause the Junos OS kernel to crash. Continued receipt of this specifically crafted malicious MPLS packet will cause a sustained Denial of Service condition. This issue require it to be received on an interface configured to receive this type of traffic. Affected releases are Juniper Networks Junos OS: 12.1X46 versions above and including 12.1X46-D76 prior to 12.1X46-D81 on SRX100, SRX110, SRX210, SRX220, …

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages5 packages

▶CVEListV5juniper_networks/junos_os12.1X46-D76 — 12.1X46*+26

▶NVDjuniper/junos17 versions+16

▶juniperjuniper/junos_os

▶juniperjuniper/qfx_series

▶juniperjuniper/srx_series

🔴Vulnerability Details

GHSA

GHSA-cvg4-hp78-jhgv: A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS allows an attacker to cause the Junos OS kernel to crash↗2022-05-13

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Edge Chakra JIT - Parameter Scope Parsing Type Confusion↗2018-08-17

▶

📋Vendor Advisories

Juniper

CVE-2018-0049: A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS allows an attacker to cause the Junos OS kernel to crash. Continued receipt of t↗2018-10-10

▶