{"containers": {"cna": {"affected": [{"product": "Junos OS", "vendor": "Juniper Networks", "versions": [{"lessThan": "16.1X65-D47", "status": "affected", "version": "16.1X65", "versionType": "custom"}, {"lessThan": "17.2X75-D91, 17.2X75-D110", "status": "affected", "version": "17.2X75", "versionType": "custom"}, {"lessThan": "17.3R1-S4, 17.3R2", "status": "affected", "version": "17.3", "versionType": "custom"}, {"lessThan": "17.4R1-S3, 17.4R2", "status": "affected", "version": "17.4", "versionType": "custom"}]}], "datePublic": "2018-07-11T00:00:00", "descriptions": [{"lang": "en", "value": "The receipt of a crafted BGP UPDATE can lead to a routing process daemon (RPD) crash and restart. Repeated receipt of the same crafted BGP UPDATE can result in an extended denial of service condition for the device. This issue only affects the specific versions of Junos OS listed within this advisory. Earlier releases are unaffected by this vulnerability. This crafted BGP UPDATE does not propagate to other BGP peers. Affected releases are Juniper Networks Junos OS: 16.1X65 versions prior to 16.1X65-D47; 17.2X75 versions prior to 17.2X75-D91, 17.2X75-D110; 17.3 versions prior to 17.3R1-S4, 17.3R2; 17.4 versions prior to 17.4R1-S3, 17.4R2."}], "exploits": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Denial of Service", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-07-27T09:57:01", "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper"}, "references": [{"name": "1041337", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1041337"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://kb.juniper.net/JSA10866"}], "solutions": [{"lang": "en", "value": "The following software releases have been updated to resolve this specific issue: 16.1X65-D47, 17.2X75-D110, 17.2X75-D91, 17.3R1-S4, 17.3R2, 17.4R1-S3, 17.4R2, 18.1R1, 18.2R1, 18.2X75-D5, and all subsequent releases."}], "source": {"advisory": "JSA10866", "defect": ["1327708"], "discovery": "INTERNAL"}, "title": "Junos OS: RPD crash when receiving a crafted BGP UPDATE", "workarounds": [{"lang": "en", "value": "There are no known workarounds for this issue"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "sirt@juniper.net", "DATE_PUBLIC": "2018-07-11T16:00:00.000Z", "ID": "CVE-2018-0032", "STATE": "PUBLIC", "TITLE": "Junos OS: RPD crash when receiving a crafted BGP UPDATE"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Junos OS", "version": {"version_data": [{"affected": "<", "version_affected": "<", "version_name": "16.1X65", "version_value": "16.1X65-D47"}, {"affected": "<", "version_affected": "<", "version_name": "17.2X75", "version_value": "17.2X75-D91, 17.2X75-D110"}, {"affected": "<", "version_affected": "<", "version_name": "17.3", "version_value": "17.3R1-S4, 17.3R2"}, {"affected": "<", "version_affected": "<", "version_name": "17.4", "version_value": "17.4R1-S3, 17.4R2"}]}}]}, "vendor_name": "Juniper Networks"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The receipt of a crafted BGP UPDATE can lead to a routing process daemon (RPD) crash and restart. Repeated receipt of the same crafted BGP UPDATE can result in an extended denial of service condition for the device. This issue only affects the specific versions of Junos OS listed within this advisory. Earlier releases are unaffected by this vulnerability. This crafted BGP UPDATE does not propagate to other BGP peers. Affected releases are Juniper Networks Junos OS: 16.1X65 versions prior to 16.1X65-D47; 17.2X75 versions prior to 17.2X75-D91, 17.2X75-D110; 17.3 versions prior to 17.3R1-S4, 17.3R2; 17.4 versions prior to 17.4R1-S3, 17.4R2."}]}, "exploit": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Denial of Service"}]}]}, "references": {"reference_data": [{"name": "1041337", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041337"}, {"name": "https://kb.juniper.net/JSA10866", "refsource": "CONFIRM", "url": "https://kb.juniper.net/JSA10866"}]}, "solution": [{"lang": "en", "value": "The following software releases have been updated to resolve this specific issue: 16.1X65-D47, 17.2X75-D110, 17.2X75-D91, 17.3R1-S4, 17.3R2, 17.4R1-S3, 17.4R2, 18.1R1, 18.2R1, 18.2X75-D5, and all subsequent releases."}], "source": {"advisory": "JSA10866", "defect": ["1327708"], "discovery": "INTERNAL"}, "work_around": [{"lang": "en", "value": "There are no known workarounds for this issue"}]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T03:14:16.604Z"}, "title": "CVE Program Container", "references": [{"name": "1041337", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1041337"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://kb.juniper.net/JSA10866"}]}]}, "cveMetadata": {"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "cveId": "CVE-2018-0032", "datePublished": "2018-07-11T18:00:00Z", "dateReserved": "2017-11-16T00:00:00", "dateUpdated": "2024-09-16T18:13:08.114Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos:16.1x65:*:*:*:*:*:*:*", "matchCriteriaId": "CA096D02-3E65-4D84-AB38-DE6DC7270097", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:16.1x65:d30:*:*:*:*:*:*", "matchCriteriaId": "2A347C15-3ABC-4B11-A9BB-5DF1C73538EE", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:16.1x65:d35:*:*:*:*:*:*", "matchCriteriaId": "EBCD72E3-22CE-4E9E-9CC5-686C4B163116", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:16.1x65:d40:*:*:*:*:*:*", "matchCriteriaId": "46A11513-B901-4E12-8AA7-54D4794595D2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos:17.2x75:*:*:*:*:*:*:*", "matchCriteriaId": "191A3F26-3C6E-4B5A-9D40-E6ABC2BFA7AF", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos:17.3:*:*:*:*:*:*:*", "matchCriteriaId": "0F69A0E5-B61B-405D-B501-9CB306651CEA", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:17.3:r1:*:*:*:*:*:*", "matchCriteriaId": "38A40E03-F915-4888-87B0-5950F75F097D", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos:17.4:*:*:*:*:*:*:*", "matchCriteriaId": "974B6128-ABD2-4D9C-87A1-5F1740DDCB95", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:17.4:r1:*:*:*:*:*:*", "matchCriteriaId": "988D317A-0646-491F-9B97-853E8E208276", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The receipt of a crafted BGP UPDATE can lead to a routing process daemon (RPD) crash and restart. Repeated receipt of the same crafted BGP UPDATE can result in an extended denial of service condition for the device. This issue only affects the specific versions of Junos OS listed within this advisory. Earlier releases are unaffected by this vulnerability. This crafted BGP UPDATE does not propagate to other BGP peers. Affected releases are Juniper Networks Junos OS: 16.1X65 versions prior to 16.1X65-D47; 17.2X75 versions prior to 17.2X75-D91, 17.2X75-D110; 17.3 versions prior to 17.3R1-S4, 17.3R2; 17.4 versions prior to 17.4R1-S3, 17.4R2."}, {"lang": "es", "value": "La recepci\u00f3n de un BGP UPDATE manipulado puede conducir al cierre inesperado y reinicio de un demonio de proceso de enrutamiento (RPD). La recepci\u00f3n repetida del mismo BGP UPDATE manipulado puede resultar en una condici\u00f3n de denegaci\u00f3n de servicio (DoS) extendida para los dispositivos. Este problema solo afecta a las versiones espec\u00edficas de Junos OS listadas en este advisory. Las versiones anteriores no se han visto afectadas por esta vulnerabilidad. Este BGP UPDATE manipulado no se propaga a otros peers BGP. Las versiones afectadas son Juniper Networks Junos OS: 16.1X65 en versiones anteriores a 16.1X65-D47; 17.2X75 en versiones anteriores a 17.2X75-D91, 17.2X75-D110; 17.3 en versiones anteriores a 17.3R1-S4, 17.3R2; 17.4 en versiones anteriores a 17.4R1-S3 y 17.4R2."}], "id": "CVE-2018-0032", "lastModified": "2024-11-21T03:37:23.983", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "sirt@juniper.net", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-07-11T18:29:00.573", "references": [{"source": "sirt@juniper.net", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1041337"}, {"source": "sirt@juniper.net", "tags": ["Vendor Advisory"], "url": "https://kb.juniper.net/JSA10866"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1041337"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://kb.juniper.net/JSA10866"}], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}