CVE-2018-0055 — Improper Input Validation in Networks Junos OS

CWE-20 — Improper Input Validation4 documents4 sources

Severity

5.3MEDIUMNVD

EPSS

0.2%

top 52.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Junos Juniper Junos OS

Timeline

PublishedOct 10

Latest updateMay 13

Description

Receipt of a specially crafted DHCPv6 message destined to a Junos OS device configured as a DHCP server in a Broadband Edge (BBE) environment may result in a jdhcpd daemon crash. The daemon automatically restarts without intervention, but a continuous receipt of crafted DHCPv6 packets could leaded to an extended denial of service condition. This issue only affects Junos OS 15.1 and later. Earlier releases are unaffected by this issue. Devices are only vulnerable to the specially crafted DHCPv6 m…

CVSS vector

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 1.6 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5juniper_networks/junos_os15.1 — 15.1R7-S2+11

▶NVDjuniper/junos11 versions+10

▶juniperjuniper/junos_os

🔴Vulnerability Details

GHSA

GHSA-p6gc-w5mm-m869: Receipt of a specially crafted DHCPv6 message destined to a Junos OS device configured as a DHCP server in a Broadband Edge (BBE) environment may resu↗2022-05-13

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Edge Chakra JIT - Parameter Scope Parsing Type Confusion↗2018-08-17

▶

📋Vendor Advisories

Juniper

CVE-2018-0055: Receipt of a specially crafted DHCPv6 message destined to a Junos OS device configured as a DHCP server in a Broadband Edge (BBE) environment may resu↗2018-10-10

▶