Receipt of a specific Draft-Rosen MVPN control packet may cause the routing protocol daemon (RPD) process to crash and restart or may lead to remote code execution. By continuously sending the same specific Draft-Rosen MVPN control packet, an attacker can repeatedly crash the RPD process causing a prolonged denial of service. This issue may occur when the Junos OS device is configured for Draft-Rosen multicast virtual private network (MVPN). The VPN is multicast-enabled and configured to use Protocol Independent Multicast (PIM) protocol within the VPN. This issue can only be exploited from the PE device within the MPLS domain which is capable of forwarding IP multicast traffic in core. End-users connected to the CE device cannot cause this crash. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D77 on SRX Series; 12.3 versions prior to 12.3R12-S10; 12.3X48 versions prior to 12.3X48-D70 on SRX Series; 15.1 versions prior to 15.1R4-S9, 15.1R6-S6, 15.1R7; 15.1F6; 15.1X49 versions prior to 15.1X49-D140 on SRX Series; 15.1X53 versions prior to 15.1X53-D59 on EX2300/EX3400 Series; 15.1X53 versions prior to 15.1X53-D67 on QFX10K Series; 15.1X53 versions prior to 15.1X53-D233 on QFX5200/QFX5110 Series; 15.1X53 versions prior to 15.1X53-D471, 15.1X53-D490 on NFX Series; 16.1 versions prior to 16.1R4-S9, 16.1R5-S4, 16.1R6-S3, 16.1R7; 16.2 versions prior to 16.2R1-S6, 16.2R2-S6, 16.2R3; 17.1 versions prior to 17.1R1-S7, 17.1R2-S7, 17.1R3; 17.2 versions prior to 17.2R2-S4, 17.2R3; 17.3 versions prior to 17.3R2-S2, 17.3R3; 17.4 versions prior to 17.4R1-S3, 17.4R2; 18.1 versions prior to 18.1R2. No other Juniper Networks products or platforms are affected by this issue.
Metrics
No CVSS v4.0
No CVSS v3.1
Attack Vector Adjacent Network
Attack Complexity Low
Privileges Required None
Scope Unchanged
Confidentiality Impact High
Integrity Impact High
Availability Impact High
User Interaction None
Access Vector Adjacent Network
Access Complexity Low
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact Partial
AV:A/AC:L/Au:N/C:P/I:P/A:P
This CVE is not in the KEV list.
Key SSVC decision points have not yet been added.
Affected Vendors & Products
Vendors | Products |
---|---|
Juniper |
|
Configuration 1 [-]
AND |
|
Configuration 2 [-]
|
Configuration 3 [-]
AND |
|
Configuration 4 [-]
|
Configuration 5 [-]
|
Configuration 6 [-]
AND |
|
Configuration 7 [-]
AND |
|
Configuration 8 [-]
AND |
|
Configuration 9 [-]
AND |
|
Configuration 10 [-]
AND |
|
Configuration 11 [-]
|
Configuration 12 [-]
|
Configuration 13 [-]
|
Configuration 14 [-]
|
Configuration 15 [-]
|
Configuration 16 [-]
|
Configuration 17 [-]
|
No data.
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: juniper
Published: 2018-10-10T18:00:00Z
Updated: 2024-09-17T00:25:26.719Z
Reserved: 2017-11-16T00:00:00
Link: CVE-2018-0045
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-10-10T18:29:00.670
Modified: 2024-11-21T03:37:25.300
Link: CVE-2018-0045
Redhat
No data.