CVE-2018-0027
7.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Receipt of a crafted or malformed RSVP PATH message may cause the routing protocol daemon (RPD) to hang or crash. When RPD is unavailable, routing updates cannot be processed which can lead to an extended network outage. If RSVP is not enabled on an interface, then the issue cannot be triggered via that interface. This issue only affects Juniper Networks Junos OS 16.1 versions prior to 16.1R3. This issue does not affect Junos releases prior to 16.1R1.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Juniper Networks | Junos OS | 16.1 < 16.1R3 | affected |
| Juniper Networks | Junos OS | all < 16.1R1 | unaffected |
Weaknesses
- denial of service
Workarounds
Only enable RSVP on specific trusted interfaces as required for MPLS.
ADP Enrichment
CVE Program Container
Additional References
- https://kb.juniper.net/JSA10861
- http://www.securitytracker.com/id/1041318
- http://www.securityfocus.com/bid/104721
References
- https://kb.juniper.net/JSA10861
- http://www.securitytracker.com/id/1041318
- http://www.securityfocus.com/bid/104721
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.