CVE-2018-0062

Summary

A Denial of Service vulnerability in J-Web service may allow a remote unauthenticated user to cause Denial of Service which may prevent other users to authenticate or to perform J-Web operations. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D77 on SRX Series; 12.3 versions prior to 12.3R12-S10; 12.3X48 versions prior to 12.3X48-D60 on SRX Series; 15.1 versions prior to 15.1R7; 15.1F6; 15.1X49 versions prior to 15.1X49-D120 on SRX Series; 15.1X53 versions prior to 15.1X53-D59 on EX2300/EX3400 Series; 15.1X53 versions prior to 15.1X53-D67 on QFX10K Series; 15.1X53 versions prior to 15.1X53-D234 on QFX5200/QFX5110 Series; 15.1X53 versions prior to 15.1X53-D470, 15.1X53-D495 on NFX Series; 16.1 versions prior to 16.1R6; 16.2 versions prior to 16.2R2-S6, 16.2R3; 17.1 versions prior to 17.1R2-S6, 17.1R3; 17.2 versions prior to 17.2R3; 17.3 versions prior to 17.3R2. No other Juniper Networks products or platforms are affected by this issue.

Affected Software

VendorProductVersion RangeStatus
Juniper NetworksJunos OS12.1X46 < 12.1X46-D77affected
Juniper NetworksJunos OS12.3X48 < 12.3X48-D60affected
Juniper NetworksJunos OS15.1X49 < 15.1X49-D120affected
Juniper NetworksJunos OS15.1F6affected
Juniper NetworksJunos OS12.3 < 12.3R12-S10affected
Juniper NetworksJunos OS15.1 < 15.1R7affected
Juniper NetworksJunos OS16.1 < 16.1R6affected
Juniper NetworksJunos OS16.2 < 16.2R2-S6, 16.2R3affected
Juniper NetworksJunos OS17.1 < 17.1R2-S6, 17.1R3affected
Juniper NetworksJunos OS17.2 < 17.2R3affected
Juniper NetworksJunos OS17.3 < 17.3R2affected
Juniper NetworksJunos OS15.1X53 < 15.1X53-D59affected
Juniper NetworksJunos OS15.1X53 < 15.1X53-D67affected
Juniper NetworksJunos OS15.1X53 < 15.1X53-D234affected
Juniper NetworksJunos OS15.1X53 < 15.1X53-D470, 15.1X53-D495affected

Weaknesses

  • Denial of Service

Workarounds

Limit access to J-Web from only trusted hosts, networks and administrators.

ADP Enrichment

CVE Program Container

Additional References

References