cnvd - cnvd-2018-02839

cnvd-2018-02839

Vulnerability from cnvd

Title: Juniper Networks Junos OS拒绝服务漏洞（CNVD-2018-02839）

Description:

Juniper SRX Series和MX Series with Service PIC都是美国瞻博网络（Juniper Networks）公司的防火墙设备。Junos OS是运行在其中的一套操作系统。

带有Service PIC的Juniper SRX Series和MX Series设备中的Junos OS存在拒绝服务漏洞。当ALG被打开时，攻击者可借助特制的TCP/IP响应数据包利用该漏洞造成拒绝服务（内存破坏和flowd守护进程崩溃）。

Severity: 高

Patch Name: Juniper Networks Junos OS拒绝服务漏洞（CNVD-2018-02839）的补丁

Patch Description:

Juniper SRX Series和MX Series with Service PIC都是美国瞻博网络（Juniper Networks）公司的防火墙设备。Junos OS是运行在其中的一套操作系统。

带有Service PIC的Juniper SRX Series和MX Series设备中的Junos OS存在拒绝服务漏洞。当ALG被打开时，攻击者可借助特制的TCP/IP响应数据包利用该漏洞造成拒绝服务（内存破坏和flowd守护进程崩溃）。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10829&actp=METADATA

Reference: https://kb.juniper.net/JSA10829

Impacted products

Name
['Juniper Networks Juniper SRX Series 12.1X46', 'Juniper Networks Juniper SRX Series 12.3X48', 'Juniper Networks Juniper SRX Series 15.1X49', 'Juniper Networks Juniper MX Series with Service 14.1', 'Juniper Networks Juniper MX Series with Service 14.2', 'Juniper Networks Juniper MX Series with Service 15.1', 'Juniper Networks Juniper MX Series with Service 16.1', 'Juniper Networks Juniper MX Series with Service 16.2', 'Juniper Networks Juniper MX Series with Service 17.1']

Name

['Juniper Networks Juniper SRX Series 12.1X46', 'Juniper Networks Juniper SRX Series 12.3X48', 'Juniper Networks Juniper SRX Series 15.1X49', 'Juniper Networks Juniper MX Series with Service 14.1', 'Juniper Networks Juniper MX Series with Service 14.2', 'Juniper Networks Juniper MX Series with Service 15.1', 'Juniper Networks Juniper MX Series with Service 16.1', 'Juniper Networks Juniper MX Series with Service 16.2', 'Juniper Networks Juniper MX Series with Service 17.1']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-0002"
    }
  },
  "description": "Juniper SRX Series\u548cMX Series with Service PIC\u90fd\u662f\u7f8e\u56fd\u77bb\u535a\u7f51\u7edc\uff08Juniper Networks\uff09\u516c\u53f8\u7684\u9632\u706b\u5899\u8bbe\u5907\u3002Junos OS\u662f\u8fd0\u884c\u5728\u5176\u4e2d\u7684\u4e00\u5957\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\n\u5e26\u6709Service PIC\u7684Juniper SRX Series\u548cMX Series\u8bbe\u5907\u4e2d\u7684Junos OS\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u5f53ALG\u88ab\u6253\u5f00\u65f6\uff0c\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684TCP/IP\u54cd\u5e94\u6570\u636e\u5305\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u5185\u5b58\u7834\u574f\u548cflowd\u5b88\u62a4\u8fdb\u7a0b\u5d29\u6e83\uff09\u3002",
  "discovererName": "Juniper Networks",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10829\u0026actp=METADATA",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-02839",
  "openTime": "2018-02-06",
  "patchDescription": "Juniper SRX Series\u548cMX Series with Service PIC\u90fd\u662f\u7f8e\u56fd\u77bb\u535a\u7f51\u7edc\uff08Juniper Networks\uff09\u516c\u53f8\u7684\u9632\u706b\u5899\u8bbe\u5907\u3002Junos OS\u662f\u8fd0\u884c\u5728\u5176\u4e2d\u7684\u4e00\u5957\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\n\u5e26\u6709Service PIC\u7684Juniper SRX Series\u548cMX Series\u8bbe\u5907\u4e2d\u7684Junos OS\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u5f53ALG\u88ab\u6253\u5f00\u65f6\uff0c\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684TCP/IP\u54cd\u5e94\u6570\u636e\u5305\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u5185\u5b58\u7834\u574f\u548cflowd\u5b88\u62a4\u8fdb\u7a0b\u5d29\u6e83\uff09\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Juniper Networks Junos OS\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2018-02839\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Juniper Networks Juniper SRX Series 12.1X46",
      "Juniper Networks Juniper SRX Series  12.3X48",
      "Juniper Networks Juniper SRX Series  15.1X49",
      "Juniper Networks Juniper MX Series with Service  14.1",
      "Juniper Networks Juniper MX Series with Service  14.2",
      "Juniper Networks Juniper MX Series with Service  15.1",
      "Juniper Networks Juniper MX Series with Service  16.1",
      "Juniper Networks Juniper MX Series with Service  16.2",
      "Juniper Networks Juniper MX Series with Service  17.1"
    ]
  },
  "referenceLink": "https://kb.juniper.net/JSA10829",
  "serverity": "\u9ad8",
  "submitTime": "2018-01-17",
  "title": "Juniper Networks Junos OS\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2018-02839\uff09"
}

CVE-2018-0002 (GCVE-0-2018-0002)

Vulnerability from cvelistv5

Published

2018-01-10 22:00

Modified

2024-09-16 23:35

Severity ?

8.2 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

CWE

denial of service

Summary

On SRX Series and MX Series devices with a Service PIC with any ALG enabled, a crafted TCP/IP response packet processed through the device results in memory corruption leading to a flowd daemon crash. Sustained crafted response packets lead to repeated crashes of the flowd daemon which results in an extended Denial of Service condition. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D60 on SRX series; 12.3X48 versions prior to 12.3X48-D35 on SRX series; 14.1 versions prior to 14.1R9 on MX series; 14.2 versions prior to 14.2R8 on MX series; 15.1X49 versions prior to 15.1X49-D60 on SRX series; 15.1 versions prior to 15.1R5-S8, 15.1F6-S9, 15.1R6-S4, 15.1R7 on MX series; 16.1 versions prior to 16.1R6 on MX series; 16.2 versions prior to 16.2R3 on MX series; 17.1 versions prior to 17.1R2-S4, 17.1R3 on MX series. No other Juniper Networks products or platforms are affected by this issue.

References

▼	URL	Tags
	http://www.securitytracker.com/id/1040178	vdb-entry, x_refsource_SECTRACK
	https://kb.juniper.net/JSA10829	x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

▼

Juniper Networks

Junos OS

Version: 12.1X46   < 12.1X46-D60
Version: 12.3X48   < 12.3X48-D35
Version: 15.1X49   < 15.1X49-D60

Juniper Networks

Junos OS

Version: 14.1   < 14.1R9
Version: 14.2   < 14.2R8
Version: 15.1   < 15.1R5-S8, 15.1F6-S9, 15.1R6-S4, 15.1R7
Version: 16.1   < 16.1R6
Version: 16.2   < 16.2R3
Version: 17.1   < 17.1R2-S4, 17.1R3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:14:16.002Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1040178",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040178"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA10829"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "SRX series"
          ],
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "12.1X46-D60",
              "status": "affected",
              "version": "12.1X46",
              "versionType": "custom"
            },
            {
              "lessThan": "12.3X48-D35",
              "status": "affected",
              "version": "12.3X48",
              "versionType": "custom"
            },
            {
              "lessThan": "15.1X49-D60",
              "status": "affected",
              "version": "15.1X49",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "MX series"
          ],
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "14.1R9",
              "status": "affected",
              "version": "14.1",
              "versionType": "custom"
            },
            {
              "lessThan": "14.2R8",
              "status": "affected",
              "version": "14.2",
              "versionType": "custom"
            },
            {
              "lessThan": "15.1R5-S8, 15.1F6-S9, 15.1R6-S4, 15.1R7",
              "status": "affected",
              "version": "15.1",
              "versionType": "custom"
            },
            {
              "lessThan": "16.1R6",
              "status": "affected",
              "version": "16.1",
              "versionType": "custom"
            },
            {
              "lessThan": "16.2R3",
              "status": "affected",
              "version": "16.2",
              "versionType": "custom"
            },
            {
              "lessThan": "17.1R2-S4, 17.1R3",
              "status": "affected",
              "version": "17.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "value": "This issue affects any enabled IPv4 ALG."
        },
        {
          "lang": "en",
          "value": "This issue only affects IPv4. This issue does not affect IPv6."
        },
        {
          "lang": "en",
          "value": "This issue affects unicast traffic only."
        }
      ],
      "datePublic": "2018-01-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "On SRX Series and MX Series devices with a Service PIC with any ALG enabled, a crafted TCP/IP response packet processed through the device results in memory corruption leading to a flowd daemon crash. Sustained crafted response packets lead to repeated crashes of the flowd daemon which results in an extended Denial of Service condition. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D60 on SRX series; 12.3X48 versions prior to 12.3X48-D35 on SRX series; 14.1 versions prior to 14.1R9 on MX series; 14.2 versions prior to 14.2R8 on MX series; 15.1X49 versions prior to 15.1X49-D60 on SRX series; 15.1 versions prior to 15.1R5-S8, 15.1F6-S9, 15.1R6-S4, 15.1R7 on MX series; 16.1 versions prior to 16.1R6 on MX series; 16.2 versions prior to 16.2R3 on MX series; 17.1 versions prior to 17.1R2-S4, 17.1R3 on MX series. No other Juniper Networks products or platforms are affected by this issue."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "denial of service",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-14T10:57:01",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "name": "1040178",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040178"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/JSA10829"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "The following software releases have been updated to resolve this specific issue: 12.1X46-D60, 12.3X48-D35, 14.1R9, 14.2R8, 15.1X49-D60, 15.1R5-S8, 15.1R6-S4, 15.1F6-S9, 15.1R7, 16.1R6, 16.2R3, 17.1R2-S4, 17.1R3, 17.2R1 and all subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA10829",
        "defect": [
          "1183181"
        ],
        "discovery": "USER"
      },
      "title": "MX series, SRX series: Junos OS:  Denial of service vulnerability in Flowd on devices with ALG enabled.",
      "workarounds": [
        {
          "lang": "en",
          "value": "Disable IPv4 ALG\u0027s on affected devices."
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "DATE_PUBLIC": "2018-01-10T17:00:00.000Z",
          "ID": "CVE-2018-0002",
          "STATE": "PUBLIC",
          "TITLE": "MX series, SRX series: Junos OS:  Denial of service vulnerability in Flowd on devices with ALG enabled."
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Junos OS",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "platform": "SRX series",
                            "version_affected": "\u003c",
                            "version_name": "12.1X46",
                            "version_value": "12.1X46-D60"
                          },
                          {
                            "affected": "\u003c",
                            "platform": "SRX series",
                            "version_affected": "\u003c",
                            "version_name": "12.3X48",
                            "version_value": "12.3X48-D35"
                          },
                          {
                            "affected": "\u003c",
                            "platform": "MX series",
                            "version_affected": "\u003c",
                            "version_name": "14.1",
                            "version_value": "14.1R9"
                          },
                          {
                            "affected": "\u003c",
                            "platform": "MX series",
                            "version_affected": "\u003c",
                            "version_name": "14.2",
                            "version_value": "14.2R8"
                          },
                          {
                            "affected": "\u003c",
                            "platform": "SRX series",
                            "version_affected": "\u003c",
                            "version_name": "15.1X49",
                            "version_value": "15.1X49-D60"
                          },
                          {
                            "affected": "\u003c",
                            "platform": "MX series",
                            "version_affected": "\u003c",
                            "version_name": "15.1",
                            "version_value": "15.1R5-S8, 15.1F6-S9, 15.1R6-S4, 15.1R7"
                          },
                          {
                            "affected": "\u003c",
                            "platform": "MX series",
                            "version_affected": "\u003c",
                            "version_name": "16.1",
                            "version_value": "16.1R6"
                          },
                          {
                            "affected": "\u003c",
                            "platform": "MX series",
                            "version_affected": "\u003c",
                            "version_name": "16.2",
                            "version_value": "16.2R3"
                          },
                          {
                            "affected": "\u003c",
                            "platform": "MX series",
                            "version_affected": "\u003c",
                            "version_name": "17.1",
                            "version_value": "17.1R2-S4, 17.1R3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Juniper Networks"
              }
            ]
          }
        },
        "configuration": [
          {
            "lang": "en",
            "value": "This issue affects any enabled IPv4 ALG."
          },
          {
            "lang": "en",
            "value": "This issue only affects IPv4. This issue does not affect IPv6."
          },
          {
            "lang": "en",
            "value": "This issue affects unicast traffic only."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "On SRX Series and MX Series devices with a Service PIC with any ALG enabled, a crafted TCP/IP response packet processed through the device results in memory corruption leading to a flowd daemon crash. Sustained crafted response packets lead to repeated crashes of the flowd daemon which results in an extended Denial of Service condition. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D60 on SRX series; 12.3X48 versions prior to 12.3X48-D35 on SRX series; 14.1 versions prior to 14.1R9 on MX series; 14.2 versions prior to 14.2R8 on MX series; 15.1X49 versions prior to 15.1X49-D60 on SRX series; 15.1 versions prior to 15.1R5-S8, 15.1F6-S9, 15.1R6-S4, 15.1R7 on MX series; 16.1 versions prior to 16.1R6 on MX series; 16.2 versions prior to 16.2R3 on MX series; 17.1 versions prior to 17.1R2-S4, 17.1R3 on MX series. No other Juniper Networks products or platforms are affected by this issue."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
          }
        ],
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "denial of service"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1040178",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040178"
            },
            {
              "name": "https://kb.juniper.net/JSA10829",
              "refsource": "CONFIRM",
              "url": "https://kb.juniper.net/JSA10829"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "The following software releases have been updated to resolve this specific issue: 12.1X46-D60, 12.3X48-D35, 14.1R9, 14.2R8, 15.1X49-D60, 15.1R5-S8, 15.1R6-S4, 15.1F6-S9, 15.1R7, 16.1R6, 16.2R3, 17.1R2-S4, 17.1R3, 17.2R1 and all subsequent releases."
          }
        ],
        "source": {
          "advisory": "JSA10829",
          "defect": [
            "1183181"
          ],
          "discovery": "USER"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "Disable IPv4 ALG\u0027s on affected devices."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2018-0002",
    "datePublished": "2018-01-10T22:00:00Z",
    "dateReserved": "2017-11-16T00:00:00",
    "dateUpdated": "2024-09-16T23:35:33.743Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted