Sign-up

ID

VAR-201801-1075


CVE

CVE-2018-0007


TITLE

Juniper Networks Junos OS Code injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-001469

DESCRIPTION

An unauthenticated network-based attacker able to send a maliciously crafted LLDP packet to the local segment, through a local segment broadcast, may be able to cause a Junos device to enter an improper boundary check condition allowing a memory corruption to occur, leading to a denial of service. Further crafted packets may be able to sustain the denial of service condition. Score: 6.5 MEDIUM (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) Further, if the attacker is authenticated on the target device receiving and processing the malicious LLDP packet, while receiving the crafted packets, the attacker may be able to perform command or arbitrary code injection over the target device thereby elevating their permissions and privileges, and taking control of the device. Score: 7.8 HIGH (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) An unauthenticated network-based attacker able to send a maliciously crafted LLDP packet to one or more local segments, via LLDP proxy / tunneling agents or other LLDP through Layer 3 deployments, through one or more local segment broadcasts, may be able to cause multiple Junos devices to enter an improper boundary check condition allowing a memory corruption to occur, leading to multiple distributed Denials of Services. These Denials of Services attacks may have cascading Denials of Services to adjacent connected devices, impacts network devices, servers, workstations, etc. Further crafted packets may be able to sustain these Denials of Services conditions. Score 6.8 MEDIUM (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H) Further, if the attacker is authenticated on one or more target devices receiving and processing these malicious LLDP packets, while receiving the crafted packets, the attacker may be able to perform command or arbitrary code injection over multiple target devices thereby elevating their permissions and privileges, and taking control multiple devices. Score: 7.8 HIGH (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H) Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D71; 12.3 versions prior to 12.3R12-S7; 12.3X48 versions prior to 12.3X48-D55; 14.1 versions prior to 14.1R8-S5, 14.1R9; 14.1X53 versions prior to 14.1X53-D46, 14.1X53-D50, 14.1X53-D107; 14.2 versions prior to 14.2R7-S9, 14.2R8; 15.1 versions prior to 15.1F2-S17, 15.1F5-S8, 15.1F6-S8, 15.1R5-S7, 15.1R7; 15.1X49 versions prior to 15.1X49-D90; 15.1X53 versions prior to 15.1X53-D65; 16.1 versions prior to 16.1R4-S6, 16.1R5; 16.1X65 versions prior to 16.1X65-D45; 16.2 versions prior to 16.2R2; 17.1 versions prior to 17.1R2. No other Juniper Networks products or platforms are affected by this issue. Juniper Networks Junos OS Contains a code injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Juniper Junos is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely cause a denial-of-service condition. The operating system provides a secure programming interface and Junos SDK

Trust: 2.07

sources: NVD: CVE-2018-0007 // JVNDB: JVNDB-2018-001469 // BID: 104714 // VULHUB: VHN-118209 // VULMON: CVE-2018-0007

AFFECTED PRODUCTS

vendor:junipermodel:junosscope:eqversion:16.2

Trust: 1.6

vendor:junipermodel:junosscope:eqversion:16.1

Trust: 1.6

vendor:junipermodel:junosscope:eqversion:17.1

Trust: 1.6

vendor:junipermodel:junosscope:eqversion:15.1x53

Trust: 1.6

vendor:junipermodel:junosscope:eqversion:16.1x65

Trust: 1.6

vendor:junipermodel:junosscope:eqversion:15.1x49

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:14.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:14.2

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:12.3

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:12.3x48

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:14.1x53

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:12.1x46

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:15.1

Trust: 1.0

vendor:junipermodel:junos osscope:eqversion:15.1r7

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:14.2r7-s9

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:14.1r8-s5

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:12.1x46-d71

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:12.3x48

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:15.1f6-s8

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:12.3x48-d55

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:16.1x65

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:14.1x53-d50

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:15.1r5-s7

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:16.2

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:12.3

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:16.1r4-s6

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:14.2

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:14.1x53

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:14.1

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:15.1f2-s17

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:12.3r12-s7

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:14.2r8

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:16.1r5

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:15.1x53-d65

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:16.1

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:12.1x46

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:17.1

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:15.1x49

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:15.1x49-d90

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:15.1x53

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:15.1f5-s8

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:16.2r2

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:17.1r2

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:15.1

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:14.1x53-d46

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:14.1r9

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:14.1x53-d107

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:16.1x65-d45

Trust: 0.8

vendor:junipermodel:junos os 17.1r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos osscope:eqversion:17.1

Trust: 0.3

vendor:junipermodel:junos os 16.2r1-s3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos os 16.2r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos osscope:eqversion:16.2

Trust: 0.3

vendor:junipermodel:junos osscope:eqversion:16.1x65

Trust: 0.3

vendor:junipermodel:junos os 16.1r4scope: - version: -

Trust: 0.3

vendor:junipermodel:junos os 16.1r3-s3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos os 16.1r2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos os 16.1r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos os 15.1x53-d65scope: - version: -

Trust: 0.3

vendor:junipermodel:junos os 15.1x53-d63scope: - version: -

Trust: 0.3

vendor:junipermodel:junos os 15.1x53-d230scope: - version: -

Trust: 0.3

vendor:junipermodel:junos os 15.1x53-d20scope: - version: -

Trust: 0.3

vendor:junipermodel:junos os 15.1x49-d90scope: - version: -

Trust: 0.3

vendor:junipermodel:junos os 15.1x49-d80scope: - version: -

Trust: 0.3

vendor:junipermodel:junos os 15.1x49-d78scope: - version: -

Trust: 0.3

vendor:junipermodel:junos os 15.1x49-d70scope: - version: -

Trust: 0.3

vendor:junipermodel:junos os 15.1x49-d40scope: - version: -

Trust: 0.3

vendor:junipermodel:junos os 15.1x49-d30scope: - version: -

Trust: 0.3

vendor:junipermodel:junos os 15.1x49-d20scope: - version: -

Trust: 0.3

vendor:junipermodel:junos os 15.1x49-d10scope: - version: -

Trust: 0.3

vendor:junipermodel:junos osscope:eqversion:15.1x49

Trust: 0.3

vendor:junipermodel:junos os 15.1r6scope: - version: -

Trust: 0.3

vendor:junipermodel:junos os 15.1r5-s2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos os 15.1r5scope: - version: -

Trust: 0.3

vendor:junipermodel:junos os 15.1r4-s7scope: - version: -

Trust: 0.3

vendor:junipermodel:junos os 15.1r3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos os 15.1r2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos os 15.1r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos os 15.1f7scope: - version: -

Trust: 0.3

vendor:junipermodel:junos os 15.1f6-s5scope: - version: -

Trust: 0.3

vendor:junipermodel:junos os 15.1f6-s4scope: - version: -

Trust: 0.3

vendor:junipermodel:junos os 15.1f5-s7scope: - version: -

Trust: 0.3

vendor:junipermodel:junos os 15.1f5scope: - version: -

Trust: 0.3

vendor:junipermodel:junos os 15.1f2-s15scope: - version: -

Trust: 0.3

vendor:junipermodel:junos os 15.1f2-s14scope: - version: -

Trust: 0.3

vendor:junipermodel:junos os 15.1f2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos osscope:eqversion:15.1

Trust: 0.3

vendor:junipermodel:junos os 14.2r7-s6scope: - version: -

Trust: 0.3

vendor:junipermodel:junos os 14.2r6scope: - version: -

Trust: 0.3

vendor:junipermodel:junos os 14.2r4scope: - version: -

Trust: 0.3

vendor:junipermodel:junos os 14.2r3-s4scope: - version: -

Trust: 0.3

vendor:junipermodel:junos os 14.2r3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos os 14.2r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos osscope:eqversion:14.2

Trust: 0.3

vendor:junipermodel:junos os 14.1x53-d30scope: - version: -

Trust: 0.3

vendor:junipermodel:junos os 14.1x53-d12scope: - version: -

Trust: 0.3

vendor:junipermodel:junos osscope:eqversion:14.1x53

Trust: 0.3

vendor:junipermodel:junos os 14.1x50-d90scope: - version: -

Trust: 0.3

vendor:junipermodel:junos os 14.1r8scope: - version: -

Trust: 0.3

vendor:junipermodel:junos os 14.1r7scope: - version: -

Trust: 0.3

vendor:junipermodel:junos os 14.1r6scope: - version: -

Trust: 0.3

vendor:junipermodel:junos os 14.1r5scope: - version: -

Trust: 0.3

vendor:junipermodel:junos os 14.1r3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos os 14.1r2-s2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos os 14.1r2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos os 14.1r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos osscope:eqversion:14.1

Trust: 0.3

vendor:junipermodel:junos os 12.3x50-d42scope: - version: -

Trust: 0.3

vendor:junipermodel:junos osscope:eqversion:12.3x50

Trust: 0.3

vendor:junipermodel:junos os 12.3x48-d30scope: - version: -

Trust: 0.3

vendor:junipermodel:junos os 12.3x48-d20scope: - version: -

Trust: 0.3

vendor:junipermodel:junos os 12.3x48-d15scope: - version: -

Trust: 0.3

vendor:junipermodel:junos os 12.3x48-d10scope: - version: -

Trust: 0.3

vendor:junipermodel:junos osscope:eqversion:12.3x48

Trust: 0.3

vendor:junipermodel:junos os 12.3r9scope: - version: -

Trust: 0.3

vendor:junipermodel:junos os 12.3r8scope: - version: -

Trust: 0.3

vendor:junipermodel:junos os 12.3r7scope: - version: -

Trust: 0.3

vendor:junipermodel:junos os 12.3r12scope: - version: -

Trust: 0.3

vendor:junipermodel:junos os 12.3r11scope: - version: -

Trust: 0.3

vendor:junipermodel:junos os 12.3r10scope: - version: -

Trust: 0.3

vendor:junipermodel:junos osscope:eqversion:12.3

Trust: 0.3

vendor:junipermodel:junos os 12.1x46-d45scope: - version: -

Trust: 0.3

vendor:junipermodel:junos os 12.1x46-d40scope: - version: -

Trust: 0.3

vendor:junipermodel:junos os 12.1x46-d35scope: - version: -

Trust: 0.3

vendor:junipermodel:junos os 12.1x46-d25scope: - version: -

Trust: 0.3

vendor:junipermodel:junos os 12.1x46-d20scope: - version: -

Trust: 0.3

vendor:junipermodel:junos osscope:eqversion:12.1x46

Trust: 0.3

vendor:junipermodel:junos os 17.1r2scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos os 16.1x65-d45scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos os 16.1r5scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos os 16.1r4-s6scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos os 15.1r7scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos os 15.1r5-s7scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos os 15.1f6-s8scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos os 15.1f5-s8scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos os 15.1f2-s17scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos os 14.2r8scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos os 14.2r7-s9scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos os 14.1x53-d46scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos os 14.1x53-d107scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos os 14.1r9scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos os 14.1r8-s5scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos os 12.3x48-d55scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos os 12.3r12-s7scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos os 12.1x46-d71scope:neversion: -

Trust: 0.3

sources: BID: 104714 // JVNDB: JVNDB-2018-001469 // CNNVD: CNNVD-201711-912 // NVD: CVE-2018-0007

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0007
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-0007
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201711-912
value: CRITICAL

Trust: 0.6

VULHUB: VHN-118209
value: HIGH

Trust: 0.1

VULMON: CVE-2018-0007
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-0007
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-118209
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0007
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-118209 // VULMON: CVE-2018-0007 // JVNDB: JVNDB-2018-001469 // CNNVD: CNNVD-201711-912 // NVD: CVE-2018-0007

PROBLEMTYPE DATA

problemtype:CWE-94

Trust: 1.9

problemtype:CWE-119

Trust: 1.1

problemtype:CWE-77

Trust: 1.1

sources: VULHUB: VHN-118209 // JVNDB: JVNDB-2018-001469 // NVD: CVE-2018-0007

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-912

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201711-912

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-001469

PATCH
title:JSA10830url:https://kb.juniper.net/JSA10830
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-001469

EXTERNAL IDS
db:NVDid:CVE-2018-0007
Trust: 2.9
db:JUNIPERid:JSA10830
Trust: 2.1
db:SECTRACKid:1040181
Trust: 1.8
db:JVNDBid:JVNDB-2018-001469
Trust: 0.8
db:CNNVDid:CNNVD-201711-912
Trust: 0.7
db:BIDid:104714
Trust: 0.4
db:VULHUBid:VHN-118209
Trust: 0.1
db:VULMONid:CVE-2018-0007
Trust: 0.1
sources:
            
            
            VULHUB: VHN-118209 // 
            
            
            
            VULMON: CVE-2018-0007 // 
            
            
            
            BID: 104714 // 
            
            
            
            JVNDB: JVNDB-2018-001469 // 
            
            
            
            CNNVD: CNNVD-201711-912 // 
            
            
            
            NVD: CVE-2018-0007

REFERENCES
url:https://kb.juniper.net/jsa10830
Trust: 1.8
url:http://www.securitytracker.com/id/1040181
Trust: 1.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0007
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0007
Trust: 0.8
url:http://www.juniper.net/
Trust: 0.3
url:https://kb.juniper.net/infocenter/index?page=content&id=jsa10830&cat=sirt_1&actp=list 2018-01
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/119.html
Trust: 0.1
url:https://cwe.mitre.org/data/definitions/94.html
Trust: 0.1
url:https://cwe.mitre.org/data/definitions/77.html
Trust: 0.1
url:https://tools.cisco.com/security/center/viewalert.x?alertid=56471
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-118209 // 
            
            
            
            VULMON: CVE-2018-0007 // 
            
            
            
            BID: 104714 // 
            
            
            
            JVNDB: JVNDB-2018-001469 // 
            
            
            
            CNNVD: CNNVD-201711-912 // 
            
            
            
            NVD: CVE-2018-0007

CREDITS
UK's National Cyber Security Centre (NCSC)
Trust: 0.3
sources:
            
            
            BID: 104714

SOURCES
db:VULHUBid:VHN-118209
db:VULMONid:CVE-2018-0007
db:BIDid:104714
db:JVNDBid:JVNDB-2018-001469
db:CNNVDid:CNNVD-201711-912
db:NVDid:CVE-2018-0007

LAST UPDATE DATE
2024-11-23T23:08:48.205000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-118209date:2020-08-24T00:00:00
db:VULMONid:CVE-2018-0007date:2020-08-24T00:00:00
db:BIDid:104714date:2018-01-10T00:00:00
db:JVNDBid:JVNDB-2018-001469date:2018-02-21T00:00:00
db:CNNVDid:CNNVD-201711-912date:2020-10-22T00:00:00
db:NVDid:CVE-2018-0007date:2024-11-21T03:37:20.637

SOURCES RELEASE DATE
db:VULHUBid:VHN-118209date:2018-01-10T00:00:00
db:VULMONid:CVE-2018-0007date:2018-01-10T00:00:00
db:BIDid:104714date:2018-01-10T00:00:00
db:JVNDBid:JVNDB-2018-001469date:2018-02-21T00:00:00
db:CNNVDid:CNNVD-201711-912date:2017-11-22T00:00:00
db:NVDid:CVE-2018-0007date:2018-01-10T22:29:01.180