PT-2018-2499 · Juniper Networks · Junos

Publicado

2018-07-11

·

Atualizado

2019-10-09

·

CVE-2018-0032

CVSS v3.1

7.5

Alta

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Junos OS versions prior to 16.1X65-D47 Junos OS versions prior to 17.2X75-D91 Junos OS versions prior to 17.2X75-D110 Junos OS versions prior to 17.3R1-S4 Junos OS versions prior to 17.3R2 Junos OS versions prior to 17.4R1-S3 Junos OS versions prior to 17.4R2
Description The issue is related to insufficient input validation in the Junos operating system. Exploitation of this issue can allow an attacker to cause a denial of service. Specifically, the receipt of a crafted BGP UPDATE can lead to a routing process daemon (RPD) crash and restart. Repeated receipt of the same crafted BGP UPDATE can result in an extended denial of service condition for the device.
Recommendations For Junos OS versions prior to 16.1X65-D47, update to version 16.1X65-D47 or later. For Junos OS versions prior to 17.2X75-D91, update to version 17.2X75-D91 or later. For Junos OS versions prior to 17.2X75-D110, update to version 17.2X75-D110 or later. For Junos OS versions prior to 17.3R1-S4, update to version 17.3R1-S4 or later. For Junos OS versions prior to 17.3R2, update to version 17.3R2 or later. For Junos OS versions prior to 17.4R1-S3, update to version 17.4R1-S3 or later. For Junos OS versions prior to 17.4R2, update to version 17.4R2 or later.

Correção

DoS

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

BDU:2019-00827
CVE-2018-0032

Produtos afetados

Junos