PT-2018-8570 · Juniper Networks · Junos

Published: 2018-04-11 · Updated: 2019-10-09 · CVE-2018-0021

CVSS v3.1: 8.8 (High)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions:

- Junos OS versions prior to 14.1R10
- Junos OS versions prior to 14.1X53-D47
- Junos OS versions prior to 15.1R4-S9
- Junos OS versions prior to 15.1R6-S6
- Junos OS versions prior to 15.1R7
- Junos OS versions prior to 15.1X49-D100
- Junos OS versions prior to 15.1X53-D59
- Junos OS versions prior to 16.1R3-S8
- Junos OS versions prior to 16.1R4-S8
- Junos OS versions prior to 16.1R5
- Junos OS versions prior to 16.2R1-S6
- Junos OS versions prior to 16.2R2
- Junos OS versions prior to 17.1R2

Description: The issue arises when the connectivity association name (CKN) or the connectivity association key (CAK) is not fully configured, resulting in the remaining digits being auto-configured to 0. This increases the likelihood of an attacker discovering the secret passphrases through dictionary-based and brute-force-based attacks using spoofed packets.

Recommendations: Update to the fixed release for the affected branch, or later:

- Junos OS versions prior to 14.1R10: update to 14.1R10 or later.
- Junos OS versions prior to 14.1X53-D47: update to 14.1X53-D47 or later.
- Junos OS versions prior to 15.1R4-S9: update to 15.1R4-S9 or later.
- Junos OS versions prior to 15.1R6-S6: update to 15.1R6-S6 or later.
- Junos OS versions prior to 15.1R7: update to 15.1R7 or later.
- Junos OS versions prior to 15.1X49-D100: update to 15.1X49-D100 or later.
- Junos OS versions prior to 15.1X53-D59: update to 15.1X53-D59 or later.
- Junos OS versions prior to 16.1R3-S8: update to 16.1R3-S8 or later.
- Junos OS versions prior to 16.1R4-S8: update to 16.1R4-S8 or later.
- Junos OS versions prior to 16.1R5: update to 16.1R5 or later.
- Junos OS versions prior to 16.2R1-S6: update to 16.2R1-S6 or later.
- Junos OS versions prior to 16.2R2: update to 16.2R2 or later.
- Junos OS versions prior to 17.1R2: update to 17.1R2 or later.
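
The zero-fill condition in the description can be checked for in configuration before it is committed. The following audit script is an added example, not code from this entry or from Juniper. It assumes set-format lines under the `security macsec connectivity-association` hierarchy and full lengths of 64 hex digits for the CKN and 32 for the CAK; the function name and the sample input are constructed for illustration.

```python
import re

# Assumed full lengths in hex digits (taken from Junos documentation, not this page).
FULL_HEX_DIGITS = {"ckn": 64, "cak": 32}

# Assumed set-format line:
#   set security macsec connectivity-association <name> pre-shared-key ckn|cak <value>
PSK_LINE = re.compile(
    r"^set security macsec connectivity-association (\S+) "
    r"pre-shared-key (ckn|cak) (\S+)$"
)

def audit_psk_lengths(config_text):
    """Return one finding per CKN/CAK given with fewer digits than its full length."""
    findings = []
    for line in config_text.splitlines():
        m = PSK_LINE.match(line.strip())
        if not m:
            continue
        ca, field, value = m.groups()
        value = value.strip('"')
        if not re.fullmatch(r"[0-9A-Fa-f]+", value):
            # Obfuscated stored secrets (e.g. "$9$...") hide the length; skip them.
            continue
        missing = FULL_HEX_DIGITS[field] - len(value)
        if missing > 0:
            findings.append({
                "ca": ca,
                "field": field,
                "configured_digits": len(value),
                "zero_filled_digits": missing,
                # Upper bound: 4 bits per configured digit, none for zero-filled ones.
                "effective_bits": 4 * len(value),
            })
    return findings

# Constructed sample input (not real keys).
SAMPLE = """\
set security macsec connectivity-association ca-short pre-shared-key ckn 1234abcd
set security macsec connectivity-association ca-short pre-shared-key cak "$9$constructedPlaceholder"
set security macsec connectivity-association ca-full pre-shared-key ckn """ + "a1" * 32 + """
set security macsec connectivity-association ca-cand pre-shared-key cak 00112233445566778899aabb
"""

if __name__ == "__main__":
    for finding in audit_psk_lengths(SAMPLE):
        print(finding)
```

Because a stored CAK is not readable as plain hex in displayed configuration, the CAK check is only useful on candidate configuration or provisioning templates where the key is still in plain form.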

Fix


Related Identifiers

CVE-2018-0021

Affected Products

Junos