CVE-2018-0002
Published: Jan 10, 2018
Modified: Sep 16, 2024
CVSS v3.0
8.2
Description
On SRX Series and MX Series devices with a Service PIC with any ALG enabled, a crafted TCP/IP response packet processed through the device results in memory corruption leading to a flowd daemon crash. Sustained crafted response packets lead to repeated crashes of the flowd daemon which results in an extended Denial of Service condition. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D60 on SRX series; 12.3X48 versions prior to 12.3X48-D35 on SRX series; 14.1 versions prior to 14.1R9 on MX series; 14.2 versions prior to 14.2R8 on MX series; 15.1X49 versions prior to 15.1X49-D60 on SRX series; 15.1 versions prior to 15.1R5-S8, 15.1F6-S9, 15.1R6-S4, 15.1R7 on MX series; 16.1 versions prior to 16.1R6 on MX series; 16.2 versions prior to 16.2R3 on MX series; 17.1 versions prior to 17.1R2-S4, 17.1R3 on MX series. No other Juniper Networks products or platforms are affected by this issue.
| Vendor | Product | Versions |
|---|---|---|
Juniper Networks | Junos OS | affected 12.1X46 - < 12.1X46-D60affected 12.3X48 - < 12.3X48-D35affected 15.1X49 - < 15.1X49-D60 |
Juniper Networks | Junos OS | affected 14.1 - < 14.1R9affected 14.2 - < 14.2R8affected 15.1 - < 15.1R5-S8, 15.1F6-S9, 15.1R6-S4, 15.1R7affected 16.1 - < 16.1R6affected 16.2 - < 16.2R3+1 more versions |
CVSS v3.0 Details
CVSS v3.0 Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now