ByteOS Network

CVE Vulnerability Details :

CVE-2018-0019

PUBLISHED

More Info Official Page

Assigner-juniper

Assigner Org ID-8cbe9d5a-a066-4c94-8978-4b15efeae968

Published At-11 Apr, 2018 | 19:00

Updated At-16 Sep, 2024 | 18:18

▼CVE Numbering Authority (CNA)

Junos: Denial of service vulnerability in SNMP MIB-II subagent daemon (mib2d).

A vulnerability in Junos OS SNMP MIB-II subagent daemon (mib2d) may allow a remote network based attacker to cause the mib2d process to crash resulting in a denial of service condition (DoS) for the SNMP subsystem. While a mib2d process crash can disrupt the network monitoring via SNMP, it does not impact routing, switching or firewall functionalities. SNMP is disabled by default on devices running Junos OS. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D76; 12.3 versions prior to 12.3R12-S7, 12.3R13; 12.3X48 versions prior to 12.3X48-D65; 14.1 versions prior to 14.1R9; 14.1X53 versions prior to 14.1X53-D130; 15.1 versions prior to 15.1F2-S20, 15.1F6-S10, 15.1R7; 15.1X49 versions prior to 15.1X49-D130; 15.1X53 versions prior to 15.1X53-D233, 15.1X53-D471, 15.1X53-D472, 15.1X53-D58, 15.1X53-D66; 16.1 versions prior to 16.1R5-S3, 16.1R7; 16.1X65 versions prior to 16.1X65-D47; 16.1X70 versions prior to 16.1X70-D10; 16.2 versions prior to 16.2R1-S6, 16.2R2-S5, 16.2R3; 17.1 versions prior to 17.1R2-S6, 17.1R3;

Affected Products

Vendor

Juniper Networks, Inc.

Product

Junos OS

Versions

Affected

From 12.1X46 before 12.1X46-D76 (custom)
From 12.3 before 12.3R12-S7, 12.3R13 (custom)
From 12.3X48 before 12.3X48-D65 (custom)
From 14.1 before 14.1R9 (custom)
From 14.1X53 before 14.1X53-D130 (custom)
From 15.1 before 15.1F2-S20, 15.1F6-S10, 15.1R7 (custom)
From 15.1X49 before 15.1X49-D130 (custom)
From 15.1X53 before 15.1X53-D233, 15.1X53-D471, 15.1X53-D472, 15.1X53-D58, 15.1X53-D66 (custom)
From 16.1 before 16.1R5-S3, 16.1R7 (custom)
From 16.1X65 before 16.1X65-D47 (custom)
From 16.1X70 before 16.1X70-D10 (custom)
From 16.2 before 16.2R1-S6, 16.2R2-S5, 16.2R3 (custom)
From 17.1 before 17.1R2-S6, 17.1R3 (custom)

Unaffected

From 17.2 before 17.2* (custom)

Problem Types

Type	CWE ID	Description
text	N/A	denial of service

Metrics

Version	Base score	Base severity	Vector
3.0	5.3	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Solutions

The following software releases have been updated to resolve this specific issue:12.3R12-S7, 12.3R13, 12.3X48-D65, 14.1R9, 14.1X53-D130, 15.1F2-S20, 15.1F6-S10, 15.1R7, 15.1X49-D130, 15.1X53-D233, 15.1X53-D471, 15.1X53-D472, 15.1X53-D58, 15.1X53-D66, 16.1R5-S3, 16.1R7, 16.1X65-D47, 16.1X70-D10, 16.2R1-S6, 16.2R2-S5, 16.2R3, 17.1R2-S6, 17.1R3, 17.2R1, and all subsequent releases.

Configurations

This issue only affects systems with SNMP mib2d enabled. SNMP is disabled by default on devices running Junos OS.

Workarounds

Disable SNMP (disabled by default), utilize edge filtering with source-address validation (uRPF, etc.), access control lists (ACLs), and/or SNMPv3 authentication to limit access to the device only from trusted hosts.

Exploits

Juniper SIRT is not aware of any malicious exploitation of this vulnerability.

References

Hyperlink	Resource
https://kb.juniper.net/JSA10847	x_refsource_CONFIRM
http://www.securitytracker.com/id/1040787	vdb-entry x_refsource_SECTRACK

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
https://kb.juniper.net/JSA10847	x_refsource_CONFIRM x_transferred
http://www.securitytracker.com/id/1040787	vdb-entry x_refsource_SECTRACK x_transferred

Affected Products

Affected

Unaffected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References