CVE-2018-0007

Name of the Vulnerable Software and Affected Versions Juniper Networks Junos OS versions prior to 12.1X46-D71 Juniper Networks Junos OS versions prior to 12.3R12-S7 Juniper Networks Junos OS versions prior to 12.3X48-D55 Juniper Networks Junos OS versions prior to 14.1R8-S5 Juniper Networks Junos OS versions prior to 14.1R9 Juniper Networks Junos OS versions prior to 14.1X53-D46 Juniper Networks Junos OS versions prior to 14.1X53-D50 Juniper Networks Junos OS versions prior to 14.1X53-D107 Juniper Networks Junos OS versions prior to 14.2R7-S9 Juniper Networks Junos OS versions prior to 14.2R8 Juniper Networks Junos OS versions prior to 15.1F2-S17 Juniper Networks Junos OS versions prior to 15.1F5-S8 Juniper Networks Junos OS versions prior to 15.1F6-S8 Juniper Networks Junos OS versions prior to 15.1R5-S7 Juniper Networks Junos OS versions prior to 15.1R7 Juniper Networks Junos OS versions prior to 15.1X49-D90 Juniper Networks Junos OS versions prior to 15.1X53-D65 Juniper Networks Junos OS versions prior to 16.1R4-S6 Juniper Networks Junos OS versions prior to 16.1R5 Juniper Networks Junos OS versions prior to 16.1X65-D45 Juniper Networks Junos OS versions prior to 16.2R2 Juniper Networks Junos OS versions prior to 17.1R2

Description The issue is related to incorrect code generation management in the Junos operating system. An attacker can exploit this by sending a maliciously crafted LLDP packet to the local segment, potentially causing a denial of service or allowing for command or arbitrary code injection, thereby elevating their permissions and taking control of the device. If the attacker is authenticated on the target device, they may be able to perform command or arbitrary code injection, elevating their permissions and taking control of the device.

Recommendations As a temporary workaround, consider disabling the LLDP protocol until a patch is available. Restrict access to the affected devices to minimize the risk of exploitation. Update to a version of Juniper Networks Junos OS that is not affected by this issue, such as 12.1X46-D71 or later, 12.3R12-S7 or later, 12.3X48-D55 or later, 14.1R8-S5 or later, 14.1R9 or later, 14.1X53-D46 or later, 14.1X53-D50 or later, 14.1X53-D107 or later, 14.2R7-S9 or later, 14.2R8 or later, 15.1F2-S17 or later, 15.1F5-S8 or later, 15.1F6-S8 or later, 15.1R5-S7 or later, 15.1R7 or later, 15.1X49-D90 or later, 15.1X53-D65 or later, 16.1R4-S6 or later, 16.1R5 or later, 16.1X65-D45 or later, 16.2R2 or later, 17.1R2 or later.