Mageni Mageni Security LLC

Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

CVE-2018-0007

CVE information

Published

6 years ago

Last Modified

3 years ago

CVSSv2.0 Severity

High

CVSSv3.1 Severity

Critical

Impact Analysis

Share

Description

An unauthenticated network-based attacker able to send a maliciously crafted LLDP packet to the local segment, through a local segment broadcast, may be able to cause a Junos device to enter an improper boundary check condition allowing a memory corruption to occur, leading to a denial of service. Further crafted packets may be able to sustain the denial of service condition. Score: 6.5 MEDIUM (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) Further, if the attacker is authenticated on the target device receiving and processing the malicious LLDP packet, while receiving the crafted packets, the attacker may be able to perform command or arbitrary code injection over the target device thereby elevating their permissions and privileges, and taking control of the device. Score: 7.8 HIGH (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) An unauthenticated network-based attacker able to send a maliciously crafted LLDP packet to one or more local segments, via LLDP proxy / tunneling agents or other LLDP through Layer 3 deployments, through one or more local segment broadcasts, may be able to cause multiple Junos devices to enter an improper boundary check condition allowing a memory corruption to occur, leading to multiple distributed Denials of Services. These Denials of Services attacks may have cascading Denials of Services to adjacent connected devices, impacts network devices, servers, workstations, etc. Further crafted packets may be able to sustain these Denials of Services conditions. Score 6.8 MEDIUM (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H) Further, if the attacker is authenticated on one or more target devices receiving and processing these malicious LLDP packets, while receiving the crafted packets, the attacker may be able to perform command or arbitrary code injection over multiple target devices thereby elevating their permissions and privileges, and taking control multiple devices. Score: 7.8 HIGH (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H) Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D71; 12.3 versions prior to 12.3R12-S7; 12.3X48 versions prior to 12.3X48-D55; 14.1 versions prior to 14.1R8-S5, 14.1R9; 14.1X53 versions prior to 14.1X53-D46, 14.1X53-D50, 14.1X53-D107; 14.2 versions prior to 14.2R7-S9, 14.2R8; 15.1 versions prior to 15.1F2-S17, 15.1F5-S8, 15.1F6-S8, 15.1R5-S7, 15.1R7; 15.1X49 versions prior to 15.1X49-D90; 15.1X53 versions prior to 15.1X53-D65; 16.1 versions prior to 16.1R4-S6, 16.1R5; 16.1X65 versions prior to 16.1X65-D45; 16.2 versions prior to 16.2R2; 17.1 versions prior to 17.1R2. No other Juniper Networks products or platforms are affected by this issue..

CVSSv2.0 Score

Severity
High
Base Score
10/10
Exploit Score
10/10
Access Vector
Network
Access Complexity
Low
Authentication Required
None
Impact Score
10/10
Confidentiality Impact
Complete
Availability Impact
Complete
Integrity Impact
Complete

CVSSv3.1 Score

Severity
Critical
Base Score
9.8/10
Exploit Score
3.9/10
Access Vector
Network
Access Complexity
Low
Privileges Required
None
Impact Score
5.9/10
Confidentiality Impact
High
Availability Impact
High
Integrity Impact
High
Scope
Unchanged
User Interaction
None

Products Affected

CPE Affected Vulnerable Excluding Edit
cpe:2.3:o:juniper:junos:12.1x46:d60:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:12.1x46:d30:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:12.1x46:d45:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:12.1x46:d50:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:12.1x46:d25:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:12.1x46:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:12.1x46:d65:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:12.1x46:d35:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:12.1x46:d20:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:12.1x46:d40:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:12.1x46:d15:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:12.1x46:d10:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:12.1x46:d55:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:12.3:r11:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:12.3:r2:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:12.3:r9:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:12.3:r4:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:12.3:r1:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:12.3:r7:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:12.3:r6:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:12.3:r12:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:12.3:r10:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:12.3:r5:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:12.3:r3:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:12.3:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:12.3:r8:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:12.3x48:d10:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:12.3x48:d15:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:12.3x48:d35:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:12.3x48:d50:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:12.3x48:d30:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:12.3x48:d25:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:12.3x48:d45:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:12.3x48:d20:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:12.3x48:d40:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:14.1:r1:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:14.1:r4:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:14.1:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:14.1:r3:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:14.1:r8:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:14.1:r9:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:14.1:r7:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:14.1:r6:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:14.1:r2:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:14.1:r5:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:14.1x53:d45:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:14.1x53:d15:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:14.1x53:d35:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:14.1x53:d10:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:14.1x53:d40:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:14.1x53:d30:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:14.1x53:d25:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:14.1x53:d27:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:14.1x53:d16:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:14.1x53:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:14.1x53:d26:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:14.2:r1:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:14.2:r2:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:14.2:r3:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:14.2:r6:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:14.2:r7:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:14.2:r4:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:14.2:r5:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:15.1:r7:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:15.1:f7:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:15.1:f6:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:15.1:f2:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:15.1:f5:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:15.1x49:d50:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:15.1x49:d30:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:15.1x49:d70:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:15.1x49:d80:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:15.1x49:d60:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:15.1x49:d35:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:15.1x49:d45:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:15.1x49:d75:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:15.1x49:d65:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:15.1x49:d40:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:15.1x49:d20:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:15.1x49:d10:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:15.1x49:d55:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:15.1x53:d62:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:15.1x53:d20:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:15.1x53:d30:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:15.1x53:d33:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:15.1x53:d25:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:15.1x53:d63:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:15.1x53:d32:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:15.1x53:d34:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:15.1x53:d210:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:15.1x53:d21:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:15.1x53:d60:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:15.1x53:d61:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:16.1:r1:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:16.1:r4:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:16.1:r3:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:16.1:r2:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:16.1x65:d30:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:16.1x65:d35:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:16.1x65:d40:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:16.2:r1:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:17.1:r1:*:*:*:*:*:*
  Yes
- -

References