PT-2018-1751 · Juniper Networks · Junos

Published: 2018-10-10 · Updated: 2019-10-09 · CVE-2018-0050

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Junos OS versions prior to 14.1R8-S5
Junos OS versions prior to 14.1R9
Junos OS 14.1X53 versions prior to 14.1X53-D48 on QFX Switching
Junos OS 14.1X53 versions prior to 14.1X53-D130 on QFabric System
Junos OS 14.2 versions prior to 14.2R4

Description

An error handling vulnerability in the Routing Protocols Daemon (RPD) of Juniper Networks Junos OS allows an attacker to crash RPD by sending a malformed MPLS RSVP packet, potentially leading to a sustained Denial of Service condition. The packet must be received on an interface configured to receive this type of traffic. The vulnerability affects IPv4 but not IPv6.

Recommendations

For Junos OS versions prior to 14.1R8-S5, update to version 14.1R8-S5 or later.
For Junos OS versions prior to 14.1R9, update to version 14.1R9 or later.
For Junos OS 14.1X53 versions prior to 14.1X53-D48 on QFX Switching, update to version 14.1X53-D48 or later.
For Junos OS 14.1X53 versions prior to 14.1X53-D130 on QFabric System, update to version 14.1X53-D130 or later.
For Junos OS 14.2 versions prior to 14.2R4, update to version 14.2R4 or later.

Fix

DoS

RCE

Improper Resource Release

Weakness Enumeration

Related Identifiers

BDU:2018-01351
CVE-2018-0050

Affected Products

Junos