PT-2018-8581 · Juniper Networks · Junos

Published: 2018-07-11 · Updated: 2019-10-09 · CVE-2018-0037

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Junos OS versions 15.1F5-S7 through 15.1F6-S9 (15.1F6-S10 is not affected); Junos OS versions 15.1R5 through 15.1R6-S5; Junos OS versions 15.1R7 and earlier.
Description: The Junos OS routing protocol daemon (RPD) process may crash and restart or may lead to remote code execution while processing specific BGP NOTIFICATION messages. An attacker can cause a sustained Denial of Service by continuously sending crafted BGP NOTIFICATION messages, crashing the RPD process. This issue only affects the receiving BGP device and is non-transitive in nature.
Recommendations: For Junos OS versions 15.1F5-S7 through 15.1F6-S9, update to version 15.1F6-S10 or later. For Junos OS versions 15.1R5 through 15.1R6-S5, update to version 15.1R6-S6 or later. For Junos OS versions 15.1R7 and earlier, update to version 15.1R7 or later; because 16.1R1 is mentioned as not affected, updating to 16.1R1 or later is recommended to ensure the issue is resolved.

Fix

RCE

DoS

Weakness Enumeration

Related identifiers

CVE-2018-0037

Affected products

Junos