CVE-2018-0027 - OpenCVE

Receipt of a crafted or malformed RSVP PATH message may cause the routing protocol daemon (RPD) to hang or crash. When RPD is unavailable, routing updates cannot be processed which can lead to an extended network outage. If RSVP is not enabled on an interface, then the issue cannot be triggered via that interface. This issue only affects Juniper Networks Junos OS 16.1 versions prior to 16.1R3. This issue does not affect Junos releases prior to 16.1R1.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Juniper	Junos

Configuration 1 [-]

OR	cpe:2.3:o:juniper:junos:16.1:r1::::::
	cpe:2.3:o:juniper:junos:16.1:r2::::::

No data.

References

Link	Providers
http://www.securityfocus.com/bid/104721
http://www.securitytracker.com/id/1041318
https://kb.juniper.net/JSA10861

History

No history.

MITRE

Status: PUBLISHED

Assigner: juniper

Published: 2018-07-11T18:00:00Z

Updated: 2024-09-17T04:25:35.668Z

Reserved: 2017-11-16T00:00:00

Link: CVE-2018-0027

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-07-11T18:29:00.340

Modified: 2019-10-09T23:31:01.267

Link: CVE-2018-0027

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Junos OS", "vendor": "Juniper Networks", "versions": [{"lessThan": "16.1R3", "status": "affected", "version": "16.1", "versionType": "custom"}, {"lessThan": "16.1R1", "status": "unaffected", "version": "all", "versionType": "custom"}]}], "datePublic": "2018-07-11T00:00:00", "descriptions": [{"lang": "en", "value": "Receipt of a crafted or malformed RSVP PATH message may cause the routing protocol daemon (RPD) to hang or crash. When RPD is unavailable, routing updates cannot be processed which can lead to an extended network outage. If RSVP is not enabled on an interface, then the issue cannot be triggered via that interface. This issue only affects Juniper Networks Junos OS 16.1 versions prior to 16.1R3. This issue does not affect Junos releases prior to 16.1R1."}], "exploits": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "denial of service", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-07-27T09:57:01", "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://kb.juniper.net/JSA10861"}, {"name": "1041318", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1041318"}, {"name": "104721", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/104721"}], "solutions": [{"lang": "en", "value": "The following software releases have been updated to resolve this specific issue: 16.1R3, 16.2R1, and all subsequent releases."}], "source": {"advisory": "JSA10861", "defect": ["1214350"], "discovery": "INTERNAL"}, "title": "Junos OS: Receipt of malformed RSVP packet may lead to RPD denial of service", "workarounds": [{"lang": "en", "value": "Only enable RSVP on specific trusted interfaces as required for MPLS."}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "sirt@juniper.net", "DATE_PUBLIC": "2018-07-11T16:00:00.000Z", "ID": "CVE-2018-0027", "STATE": "PUBLIC", "TITLE": "Junos OS: Receipt of malformed RSVP packet may lead to RPD denial of service"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Junos OS", "version": {"version_data": [{"affected": "<", "version_affected": "<", "version_name": "16.1", "version_value": "16.1R3"}, {"affected": "!<", "version_affected": "!<", "version_name": "all", "version_value": "16.1R1"}]}}]}, "vendor_name": "Juniper Networks"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Receipt of a crafted or malformed RSVP PATH message may cause the routing protocol daemon (RPD) to hang or crash. When RPD is unavailable, routing updates cannot be processed which can lead to an extended network outage. If RSVP is not enabled on an interface, then the issue cannot be triggered via that interface. This issue only affects Juniper Networks Junos OS 16.1 versions prior to 16.1R3. This issue does not affect Junos releases prior to 16.1R1."}]}, "exploit": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "denial of service"}]}]}, "references": {"reference_data": [{"name": "https://kb.juniper.net/JSA10861", "refsource": "CONFIRM", "url": "https://kb.juniper.net/JSA10861"}, {"name": "1041318", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041318"}, {"name": "104721", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104721"}]}, "solution": [{"lang": "en", "value": "The following software releases have been updated to resolve this specific issue: 16.1R3, 16.2R1, and all subsequent releases."}], "source": {"advisory": "JSA10861", "defect": ["1214350"], "discovery": "INTERNAL"}, "work_around": [{"lang": "en", "value": "Only enable RSVP on specific trusted interfaces as required for MPLS."}]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T03:14:16.086Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://kb.juniper.net/JSA10861"}, {"name": "1041318", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1041318"}, {"name": "104721", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/104721"}]}]}, "cveMetadata": {"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "cveId": "CVE-2018-0027", "datePublished": "2018-07-11T18:00:00Z", "dateReserved": "2017-11-16T00:00:00", "dateUpdated": "2024-09-17T04:25:35.668Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos:16.1:r1:*:*:*:*:*:*", "matchCriteriaId": "BBE35BDC-7739-4854-8BB8-E8600603DE9D", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:16.1:r2:*:*:*:*:*:*", "matchCriteriaId": "2DC47132-9EEA-4518-8F86-5CD231FBFB61", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Receipt of a crafted or malformed RSVP PATH message may cause the routing protocol daemon (RPD) to hang or crash. When RPD is unavailable, routing updates cannot be processed which can lead to an extended network outage. If RSVP is not enabled on an interface, then the issue cannot be triggered via that interface. This issue only affects Juniper Networks Junos OS 16.1 versions prior to 16.1R3. This issue does not affect Junos releases prior to 16.1R1."}, {"lang": "es", "value": "La recepci\u00f3n de un mensaje RSVP PATH manipulado o mal formado podr\u00eda provocar que el demonio del protocolo de enrutamiento se bloquee o se cierre inesperadamente. Cuando RPD no est\u00e1 disponible, las actualizaciones de enrutamiento no pueden ser procesadas, lo que puede conducir a una ca\u00edda prolongada de la red. Si RSVP no est\u00e1 habilitado en una interfaz, el problema no puede ser desencadenado mediante esa interfaz. Este problema solo afecta a Juniper Networks Junos OS 16.1 en versiones anteriores a 16.1R3. Este problema no afecta a las versiones de Junos anteriores a la 16.1R1."}], "id": "CVE-2018-0027", "lastModified": "2019-10-09T23:31:01.267", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "sirt@juniper.net", "type": "Secondary"}]}, "published": "2018-07-11T18:29:00.340", "references": [{"source": "sirt@juniper.net", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/104721"}, {"source": "sirt@juniper.net", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1041318"}, {"source": "sirt@juniper.net", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://kb.juniper.net/JSA10861"}], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}