Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-0017

A vulnerability in the Network Address Translation - Protocol Translation (NAT-PT) feature of Junos OS on SRX series devices may allow a certain valid IPv6 packet to crash the flowd daemon. Repeated crashes of the flowd daemon can result in an extended denial of service condition for the SRX device. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D72; 12.3X48 versions prior to 12.3X48-D55; 15.1X49 versions prior to 15.1X49-D90.

Published

2018-04-11T19:29:00.337

Last Modified

2024-11-21T03:37:21.987

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:N/I:N/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE

Exploitability Score

8.0

Impact Score

6.9

Weaknesses

Type: Primary
CWE-20

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	juniper	junos	≤ 12.1x46\:d72	Yes
Operating System	juniper	junos	≤ 12.3x48\:d55	Yes
Operating System	juniper	junos	≤ 15.1x49\:d90	Yes

References

http://www.securityfocus.com/bid/103749 Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id/1040785 Third Party Advisory, VDB Entry ([email protected])
https://kb.juniper.net/JSA10845 Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/103749 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1040785 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://kb.juniper.net/JSA10845 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)