CVE-2018-0050 — Improper Input Validation in Networks Junos OS

CWE-20 — Improper Input Validation3 documents3 sources

Severity

5.9MEDIUMNVD

EPSS

0.5%

top 33.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Junos Juniper Junos OS +1 more

Timeline

PublishedOct 10

Latest updateMay 13

Description

An error handling vulnerability in Routing Protocols Daemon (RPD) of Juniper Networks Junos OS allows an attacker to cause RPD to crash. Continued receipt of this malformed MPLS RSVP packet will cause a sustained Denial of Service condition. Affected releases are Juniper Networks Junos OS: 14.1 versions prior to 14.1R8-S5, 14.1R9; 14.1X53 versions prior to 14.1X53-D48 on QFX Switching; 14.2 versions prior to 14.1X53-D130 on QFabric System; 14.2 versions prior to 14.2R4. This issue does not affec…

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5juniper_networks/junos_os14.1 — 14.1R8-S5, 14.1R9+3

▶NVDjuniper/junos14.1, 14.1x53, 14.2+2

▶juniperjuniper/junos_os

▶juniperjuniper/qfx_series

🔴Vulnerability Details

GHSA

GHSA-hmcw-q8v8-4633: An error handling vulnerability in Routing Protocols Daemon (RPD) of Juniper Networks Junos OS allows an attacker to cause RPD to crash↗2022-05-13

▶

📋Vendor Advisories

Juniper

CVE-2018-0050: An error handling vulnerability in Routing Protocols Daemon (RPD) of Juniper Networks Junos OS allows an attacker to cause RPD to crash. Continued rec↗2018-10-10

▶