CVE-2018-0031

Summary

Receipt of specially crafted UDP/IP packets over MPLS may be able to bypass a stateless firewall filter. The crafted UDP packets must be encapsulated and meet a very specific packet format to be classified in a way that bypasses IP firewall filter rules. The packets themselves do not cause a service interruption (e.g. RPD crash), but receipt of a high rate of UDP packets may be able to contribute to a denial of service attack. This issue only affects processing of transit UDP/IP packets over MPLS, received on an interface with MPLS enabled. TCP packet processing and non-MPLS encapsulated UDP packet processing are unaffected by this issue. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D76; 12.3 versions prior to 12.3R12-S10; 12.3X48 versions prior to 12.3X48-D66, 12.3X48-D70; 14.1X53 versions prior to 14.1X53-D47; 15.1 versions prior to 15.1F6-S10, 15.1R4-S9, 15.1R6-S6, 15.1R7; 15.1X49 versions prior to 15.1X49-D131, 15.1X49-D140; 15.1X53 versions prior to 15.1X53-D59 on EX2300/EX3400; 15.1X53 versions prior to 15.1X53-D67 on QFX10K; 15.1X53 versions prior to 15.1X53-D233 on QFX5200/QFX5110; 15.1X53 versions prior to 15.1X53-D471, 15.1X53-D490 on NFX; 16.1 versions prior to 16.1R3-S8, 16.1R4-S9, 16.1R5-S4, 16.1R6-S3, 16.1R7; 16.2 versions prior to 16.2R1-S6, 16.2R2-S5, 16.2R3; 17.1 versions prior to 17.1R1-S7, 17.1R2-S7, 17.1R3; 17.2 versions prior to 17.2R1-S6, 17.2R2-S4, 17.2R3; 17.2X75 versions prior to 17.2X75-D100; 17.3 versions prior to 17.3R1-S4, 17.3R2-S2, 17.3R3; 17.4 versions prior to 17.4R1-S3, 17.4R2; 18.1 versions prior to 18.1R2; 18.2X75 versions prior to 18.2X75-D5.

Affected Software

VendorProductVersion RangeStatus
Juniper NetworksJunos OS12.1X46 < 12.1X46-D76affected
Juniper NetworksJunos OS12.3X48 < 12.3X48-D66, 12.3X48-D70affected
Juniper NetworksJunos OS15.1X49 < 15.1X49-D131, 15.1X49-D140affected
Juniper NetworksJunos OS12.3 < 12.3R12-S10affected
Juniper NetworksJunos OS15.1 < 15.1F6-S10, 15.1R4-S9, 15.1R6-S6, 15.1R7affected
Juniper NetworksJunos OS16.1 < 16.1R3-S8, 16.1R4-S9, 16.1R5-S4, 16.1R6-S3, 16.1R7affected
Juniper NetworksJunos OS16.2 < 16.2R1-S6, 16.2R2-S5, 16.2R3affected
Juniper NetworksJunos OS17.1 < 17.1R1-S7, 17.1R2-S7, 17.1R3affected
Juniper NetworksJunos OS17.2 < 17.2R1-S6, 17.2R2-S4, 17.2R3affected
Juniper NetworksJunos OS17.2X75 < 17.2X75-D100affected
Juniper NetworksJunos OS17.3 < 17.3R1-S4, 17.3R2-S2, 17.3R3affected
Juniper NetworksJunos OS17.4 < 17.4R1-S3, 17.4R2affected
Juniper NetworksJunos OS18.1 < 18.1R2affected
Juniper NetworksJunos OS18.2X75 < 18.2X75-D5affected
Juniper NetworksJunos OS14.1X53 < 14.1X53-D47affected
Juniper NetworksJunos OS15.1X53 < 15.1X53-D59affected
Juniper NetworksJunos OS15.1X53 < 15.1X53-D67affected
Juniper NetworksJunos OS15.1X53 < 15.1X53-D233affected
Juniper NetworksJunos OS15.1X53 < 15.1X53-D471, 15.1X53-D490affected

Weaknesses

  • Firewall bypass
  • Denial of Service

Workarounds

There are no viable workarounds for this issue.

ADP Enrichment

CVE Program Container

Additional References

References