CVE-2018-0057
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L
Summary
On MX Series and M120/M320 platforms configured in a Broadband Edge (BBE) environment, subscribers logging in with DHCP Option 50 to request a specific IP address will be assigned the requested IP address, even if there is a static MAC to IP address binding in the access profile. In the problem scenario, with a hardware-address and IP address configured under address-assignment pool, if a subscriber logging in with DHCP Option 50, the subscriber will not be assigned an available address from the matched pool, but will still get the requested IP address. A malicious DHCP subscriber may be able to utilize this vulnerability to create duplicate IP address assignments, leading to a denial of service for valid subscribers or unauthorized information disclosure via IP address assignment spoofing. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S2, 15.1R8; 16.1 versions prior to 16.1R4-S12, 16.1R7-S2, 16.1R8; 16.2 versions prior to 16.2R2-S7, 16.2R3; 17.1 versions prior to 17.1R2-S9, 17.1R3; 17.2 versions prior to 17.2R1-S7, 17.2R2-S6, 17.2R3; 17.3 versions prior to 17.3R2-S4, 17.3R3; 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R2-S3, 18.1R3.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Juniper Networks | Junos OS | 15.1 < 15.1R7-S2, 15.1R8 | affected |
| Juniper Networks | Junos OS | 16.1 < 16.1R4-S12, 16.1R7-S2, 16.1R8 | affected |
| Juniper Networks | Junos OS | 16.2 < 16.2R2-S7, 16.2R3 | affected |
| Juniper Networks | Junos OS | 17.1 < 17.1R2-S9, 17.1R3 | affected |
| Juniper Networks | Junos OS | 17.2 < 17.2R1-S7, 17.2R2-S6, 17.2R3 | affected |
| Juniper Networks | Junos OS | 17.3 < 17.3R2-S4, 17.3R3 | affected |
| Juniper Networks | Junos OS | 17.4 < 17.4R2 | affected |
| Juniper Networks | Junos OS | 18.1 < 18.1R2-S3, 18.1R3 | affected |
Weaknesses
- Information disclosure
- Denial of service
Workarounds
There are no viable workarounds for this issue
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.