Juniper Junos on QFX5000/EX4600 Management Interface ARP Packet resource consumption
CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
5.7 | $0-$5k | 0.00 |
A vulnerability, which was classified as problematic, has been found in Juniper Junos on QFX5000/EX4600 (Router Operating System) (version now known). This issue affects some unknown processing of the component Management Interface. The manipulation as part of a ARP Packet leads to a resource consumption vulnerability. Using CWE to declare the problem leads to CWE-400. The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources. Impacted is availability. The summary by CVE is:
On QFX5000 Series and EX4600 switches, a high rate of Ethernet pause frames or an ARP packet storm received on the management interface (fxp0) can cause egress interface congestion, resulting in routing protocol packet drops, such as BGP, leading to peering flaps. The following log message may also be displayed: fpc0 dcbcm_check_stuck_buffers: Buffers are stuck on queue 7 of port 45 This issue only affects the QFX5000 Series products (QFX5100, QFX5110, QFX5200, QFX5210) and the EX4600 switch. No other platforms are affected by this issue. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D47 on QFX5000 Series and EX4600; 15.1 versions prior to 15.1R7, 15.1R8 on QFX5000 Series and EX4600; 15.1X53 versions prior to 15.1X53-D233 on QFX5000 Series and EX4600; 16.1 versions prior to 16.1R7 on QFX5000 Series and EX4600; 16.2 versions prior to 16.2R3 on QFX5000 Series and EX4600; 17.1 versions prior to 17.1R2-S9, 17.1R3 on QFX5000 Series and EX4600; 17.2 versions prior to 17.2R2-S6, 17.2R3 on QFX5000 Series and EX4600; 17.2X75 versions prior to 17.2X75-D42 on QFX5000 Series and EX4600; 17.3 versions prior to 17.3R3 on QFX5000 Series and EX4600; 17.4 versions prior to 17.4R2 on QFX5000 Series and EX4600; 18.1 versions prior to 18.1R2 on QFX5000 Series and EX4600.
The bug was discovered 10/10/2018. The weakness was released 10/10/2018 (Website). The advisory is shared at kb.juniper.net. The identification of this vulnerability is CVE-2018-0054 since 11/15/2017. The exploitation is known to be easy. Access to the local network is required for this attack to succeed. No form of authentication is needed for a successful exploitation. Neither technical details nor an exploit are publicly available.
Upgrading eliminates this vulnerability.
Product
Type
Vendor
Name
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB CVSS-B Score: 🔍VulDB CVSS-BT Score: 🔍
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.8VulDB Meta Temp Score: 5.7
VulDB Base Score: 4.3
VulDB Temp Score: 4.1
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 6.5
NVD Vector: 🔍
CNA Base Score: 6.5
CNA Vector (Juniper Networks, Inc.): 🔍
CVSSv2
AV | AC | Au | C | I | A |
---|---|---|---|---|---|
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
---|---|---|---|---|---|
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Resource consumptionCWE: CWE-400 / CWE-404
CAPEC: 🔍
ATT&CK: 🔍
Local: No
Remote: Partially
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
0-Day | unlock | unlock | unlock | unlock |
---|---|---|---|---|
Today | unlock | unlock | unlock | unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Timeline
11/15/2017 🔍10/10/2018 🔍
10/10/2018 🔍
10/10/2018 🔍
10/11/2018 🔍
05/25/2023 🔍
Sources
Vendor: juniper.netAdvisory: kb.juniper.net
Status: Not defined
Confirmation: 🔍
CVE: CVE-2018-0054 (🔍)
SecurityTracker: 1041855
Entry
Created: 10/11/2018 11:30 AMUpdated: 05/25/2023 06:42 AM
Changes: 10/11/2018 11:30 AM (59), 06/04/2020 09:50 AM (2), 05/25/2023 06:30 AM (4), 05/25/2023 06:42 AM (12)
Complete: 🔍
Cache ID: 98:4E8:40
No comments yet. Languages: en.
Please log in to comment.