PT-2018-1760 · Juniper Networks · Junos

Published 2018-10-10 · Updated 2019-10-09 · CVE-2018-0045

CVSS v3.1: 8.8 High

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Junos OS versions prior to 12.1X46-D77
Junos OS versions prior to 12.3R12-S10
Junos OS versions prior to 12.3X48-D70
Junos OS versions prior to 15.1R4-S9
Junos OS versions prior to 15.1R6-S6
Junos OS versions prior to 15.1R7
Junos OS version 15.1F6
Junos OS versions prior to 15.1X49-D140
Junos OS versions prior to 15.1X53-D59
Junos OS versions prior to 15.1X53-D67
Junos OS versions prior to 15.1X53-D233
Junos OS versions prior to 15.1X53-D471
Junos OS versions prior to 15.1X53-D490
Junos OS versions prior to 16.1R4-S9
Junos OS versions prior to 16.1R5-S4
Junos OS versions prior to 16.1R6-S3
Junos OS versions prior to 16.1R7
Junos OS versions prior to 16.2R1-S6
Junos OS versions prior to 16.2R2-S6
Junos OS versions prior to 16.2R3
Junos OS versions prior to 17.1R1-S7
Junos OS versions prior to 17.1R2-S7
Junos OS versions prior to 17.1R3
Junos OS versions prior to 17.2R2-S4
Junos OS versions prior to 17.2R3
Junos OS versions prior to 17.3R2-S2
Junos OS versions prior to 17.3R3
Junos OS versions prior to 17.4R1-S3
Junos OS versions prior to 17.4R2
Junos OS versions prior to 18.1R2

Description

The issue is caused by errors in processing input data in the Routing Protocols Daemon (RPD) of the Junos operating system. Exploitation of this issue may allow a remote attacker to execute arbitrary code by sending multiple specially crafted Draft-Rosen MPLS packets. Receipt of a specific Draft-Rosen MVPN control packet may cause the RPD process to crash and restart, or may lead to remote code execution. An attacker can repeatedly crash the RPD process, causing a prolonged denial of service, by continuously sending the same specific Draft-Rosen MVPN control packet. This issue can only be exploited from the PE device within the MPLS domain, which is capable of forwarding IP multicast traffic in the core.

Recommendations

As a temporary workaround, consider disabling the Draft-Rosen multicast virtual private network (MVPN) feature until a patch is available.
Restrict access to the RPD process to minimize the risk of exploitation.
Avoid using the Draft-Rosen MVPN control packet in the affected API endpoint until the issue is resolved.
Update to a fixed version of Junos OS to resolve the issue.

Fix

RCE

DoS

Weakness Enumeration

Related Identifiers

BDU:2018-01360
CVE-2018-0045

Affected Products

Junos