Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2018-0031
PUBLISHED
More InfoOfficial Page
Assigner-juniper
Assigner Org ID-8cbe9d5a-a066-4c94-8978-4b15efeae968
View Known Exploited Vulnerability (KEV) details
Published At-11 Jul, 2018 | 18:00
Updated At-17 Sep, 2024 | 02:21
Rejected At-
▼CVE Numbering Authority (CNA)
Junos OS: Receipt of specially crafted UDP packets over MPLS may bypass stateless IP firewall rules

Receipt of specially crafted UDP/IP packets over MPLS may be able to bypass a stateless firewall filter. The crafted UDP packets must be encapsulated and meet a very specific packet format to be classified in a way that bypasses IP firewall filter rules. The packets themselves do not cause a service interruption (e.g. RPD crash), but receipt of a high rate of UDP packets may be able to contribute to a denial of service attack. This issue only affects processing of transit UDP/IP packets over MPLS, received on an interface with MPLS enabled. TCP packet processing and non-MPLS encapsulated UDP packet processing are unaffected by this issue. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D76; 12.3 versions prior to 12.3R12-S10; 12.3X48 versions prior to 12.3X48-D66, 12.3X48-D70; 14.1X53 versions prior to 14.1X53-D47; 15.1 versions prior to 15.1F6-S10, 15.1R4-S9, 15.1R6-S6, 15.1R7; 15.1X49 versions prior to 15.1X49-D131, 15.1X49-D140; 15.1X53 versions prior to 15.1X53-D59 on EX2300/EX3400; 15.1X53 versions prior to 15.1X53-D67 on QFX10K; 15.1X53 versions prior to 15.1X53-D233 on QFX5200/QFX5110; 15.1X53 versions prior to 15.1X53-D471, 15.1X53-D490 on NFX; 16.1 versions prior to 16.1R3-S8, 16.1R4-S9, 16.1R5-S4, 16.1R6-S3, 16.1R7; 16.2 versions prior to 16.2R1-S6, 16.2R2-S5, 16.2R3; 17.1 versions prior to 17.1R1-S7, 17.1R2-S7, 17.1R3; 17.2 versions prior to 17.2R1-S6, 17.2R2-S4, 17.2R3; 17.2X75 versions prior to 17.2X75-D100; 17.3 versions prior to 17.3R1-S4, 17.3R2-S2, 17.3R3; 17.4 versions prior to 17.4R1-S3, 17.4R2; 18.1 versions prior to 18.1R2; 18.2X75 versions prior to 18.2X75-D5.

Affected Products
Vendor
Juniper Networks, Inc.Juniper Networks
Product
Junos OS
Platforms
  • SRX Series
Versions
Affected
  • From 12.1X46 before 12.1X46-D76 (custom)
  • From 12.3X48 before 12.3X48-D66, 12.3X48-D70 (custom)
  • From 15.1X49 before 15.1X49-D131, 15.1X49-D140 (custom)
Vendor
Juniper Networks, Inc.Juniper Networks
Product
Junos OS
Versions
Affected
  • From 12.3 before 12.3R12-S10 (custom)
  • From 15.1 before 15.1F6-S10, 15.1R4-S9, 15.1R6-S6, 15.1R7 (custom)
  • From 16.1 before 16.1R3-S8, 16.1R4-S9, 16.1R5-S4, 16.1R6-S3, 16.1R7 (custom)
  • From 16.2 before 16.2R1-S6, 16.2R2-S5, 16.2R3 (custom)
  • From 17.1 before 17.1R1-S7, 17.1R2-S7, 17.1R3 (custom)
  • From 17.2 before 17.2R1-S6, 17.2R2-S4, 17.2R3 (custom)
  • From 17.2X75 before 17.2X75-D100 (custom)
  • From 17.3 before 17.3R1-S4, 17.3R2-S2, 17.3R3 (custom)
  • From 17.4 before 17.4R1-S3, 17.4R2 (custom)
  • From 18.1 before 18.1R2 (custom)
  • From 18.2X75 before 18.2X75-D5 (custom)
Vendor
Juniper Networks, Inc.Juniper Networks
Product
Junos OS
Platforms
  • EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100
Versions
Affected
  • From 14.1X53 before 14.1X53-D47 (custom)
Vendor
Juniper Networks, Inc.Juniper Networks
Product
Junos OS
Platforms
  • EX2300, EX3400
Versions
Affected
  • From 15.1X53 before 15.1X53-D59 (custom)
Vendor
Juniper Networks, Inc.Juniper Networks
Product
Junos OS
Platforms
  • QFX10000 Series
Versions
Affected
  • From 15.1X53 before 15.1X53-D67 (custom)
Vendor
Juniper Networks, Inc.Juniper Networks
Product
Junos OS
Platforms
  • QFX5110, QFX5200
Versions
Affected
  • From 15.1X53 before 15.1X53-D233 (custom)
Vendor
Juniper Networks, Inc.Juniper Networks
Product
Junos OS
Platforms
  • NFX150, NFX250
Versions
Affected
  • From 15.1X53 before 15.1X53-D471, 15.1X53-D490 (custom)
Problem Types
TypeCWE IDDescription
textN/AFirewall bypass
textN/ADenial of Service
Metrics
VersionBase scoreBase severityVector
3.05.3MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

The following software releases have been updated to resolve this specific issue: 12.1X46-D76, 12.3X48-D66, 12.3X48-D70, 14.1X53-D47, 15.1F6-S10, 15.1R4-S9, 15.1R6-S6, 15.1R7, 15.1X49-D131, 15.1X49-D140, 15.1X53-D233, 15.1X53-D471, 15.1X53-D490, 15.1X53-D59, 15.1X53-D67, 16.1R3-S8, 16.1R4-S9, 16.1R5-S4, 16.1R6-S3, 16.1R7, 16.2R1-S6, 16.2R2-S5, 16.2R3, 17.1R1-S7, 17.1R2-S7, 17.1R3, 17.2R1-S6, 17.2R2-S4, 17.2R3, 17.2X75-D100, 17.3R1-S4, 17.3R2-S2, 17.3R3, 17.4R1-S3, 17.4R2, 18.1R2, 18.2R1, 18.2X75-D5, and all subsequent releases.

Configurations
Workarounds

There are no viable workarounds for this issue.

Exploits

Juniper SIRT is not aware of any malicious exploitation of this vulnerability.

Credits
Internet2
The Indiana University GlobalNOC
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://kb.juniper.net/JSA10865
x_refsource_CONFIRM
http://www.securitytracker.com/id/1041326
vdb-entry
x_refsource_SECTRACK
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://kb.juniper.net/JSA10865
x_refsource_CONFIRM
x_transferred
http://www.securitytracker.com/id/1041326
vdb-entry
x_refsource_SECTRACK
x_transferred
Details not found