CVE-2018-0060 — Improper Input Validation in Networks Junos OS

CWE-20 — Improper Input Validation3 documents3 sources

Severity

5.9MEDIUMNVD

EPSS

0.2%

top 57.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Junos Juniper Junos OS +2 more

Timeline

PublishedOct 10

Latest updateMay 13

Description

An improper input validation weakness in the device control daemon process (dcd) of Juniper Networks Junos OS allows an attacker to cause a Denial of Service to the dcd process and interfaces and connected clients when the Junos device is requesting an IP address for itself. Junos devices are not vulnerable to this issue when not configured to use DHCP. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D40 on SRX Series; 12.3X48 versions prior to 12.3X48-D20 on S…

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages5 packages

▶CVEListV5juniper_networks/junos_os12.1X46 — 12.1X46-D40+8

▶NVDjuniper/junos6 versions+5

▶juniperjuniper/junos_os

▶juniperjuniper/qfx_series

▶juniperjuniper/srx_series

🔴Vulnerability Details

GHSA

GHSA-687m-cccm-2jgw: An improper input validation weakness in the device control daemon process (dcd) of Juniper Networks Junos OS allows an attacker to cause a Denial of↗2022-05-13

▶

📋Vendor Advisories

Juniper

CVE-2018-0060: An improper input validation weakness in the device control daemon process (dcd) of Juniper Networks Junos OS allows an attacker to cause a Denial of↗2018-10-10

▶