CVE-2018-0016

Name of the Vulnerable Software and Affected Versions Junos OS versions prior to 15.1F5-S3 Junos OS versions prior to 15.1F6-S8 Junos OS versions prior to 15.1F7 Junos OS versions prior to 15.1R5 Junos OS 15.1X49 versions prior to 15.1X49-D60 Junos OS 15.1X53 versions prior to 15.1X53-D66 Junos OS 15.1X53 versions prior to 15.1X53-D233 Junos OS 15.1X53 versions prior to 15.1X53-D471

Description The issue is related to errors in processing Connectionless Network Protocol (CLNP) packets in the Junos OS. Receipt of a specially crafted CLNP datagram may result in a kernel crash or lead to remote code execution. Devices are only vulnerable if 'clns-routing' or ES-IS is explicitly configured. Devices without CLNS enabled or with IS-IS configured on the interface are not vulnerable unless CLNS routing is also enabled.

Recommendations For Junos OS versions prior to 15.1F5-S3, update to 15.1F5-S3 or later. For Junos OS versions prior to 15.1F6-S8, update to 15.1F6-S8 or later. For Junos OS versions prior to 15.1F7, update to 15.1F7 or later. For Junos OS versions prior to 15.1R5, update to 15.1R5 or later. For Junos OS 15.1X49 versions prior to 15.1X49-D60, update to 15.1X49-D60 or later. For Junos OS 15.1X53 versions prior to 15.1X53-D66, update to 15.1X53-D66 or later. For Junos OS 15.1X53 versions prior to 15.1X53-D233, update to 15.1X53-D233 or later. For Junos OS 15.1X53 versions prior to 15.1X53-D471, update to 15.1X53-D471 or later. As a temporary workaround, consider disabling 'clns-routing' or ES-IS until a patch is available. Restrict access to interfaces with CLNS enabled to minimize the risk of exploitation.