CVE-2018-0057 — Networks Junos OS vulnerability

3 documents3 sources

Severity

9.6CRITICALNVD

EPSS

0.3%

top 43.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Junos Juniper Junos OS +1 more

Timeline

PublishedOct 10

Latest updateMay 13

Description

On MX Series and M120/M320 platforms configured in a Broadband Edge (BBE) environment, subscribers logging in with DHCP Option 50 to request a specific IP address will be assigned the requested IP address, even if there is a static MAC to IP address binding in the access profile. In the problem scenario, with a hardware-address and IP address configured under address-assignment pool, if a subscriber logging in with DHCP Option 50, the subscriber will not be assigned an available address from the…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:HExploitability: 3.1 | Impact: 5.8

Affected Packages4 packages

▶CVEListV5juniper_networks/junos_os15.1 — 15.1R7-S2, 15.1R8+7

▶NVDjuniper/junos8 versions+7

▶juniperjuniper/junos_os

▶juniperjuniper/mx_series

🔴Vulnerability Details

GHSA

GHSA-6ffm-w2x6-jcwh: On MX Series and M120/M320 platforms configured in a Broadband Edge (BBE) environment, subscribers logging in with DHCP Option 50 to request a specifi↗2022-05-13

▶

📋Vendor Advisories

Juniper

CVE-2018-0057: On MX Series and M120/M320 platforms configured in a Broadband Edge (BBE) environment, subscribers logging in with DHCP Option 50 to request a specifi↗2018-10-10

▶