CVE-2018-0056 in Junos
Summary
by MITRE
If a duplicate MAC address is learned by two different interfaces on an MX Series device, the MAC address learning function correctly flaps between the interfaces. However, the Layer 2 Address Learning Daemon (L2ALD) daemon might crash when attempting to delete the duplicate MAC address when the particular entry is not found in the internal MAC address table. This issue only occurs on MX Series devices with l2-backhaul VPN configured. No other products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S1 on MX Series; 16.1 versions prior to 16.1R4-S12, 16.1R6-S6 on MX Series; 16.2 versions prior to 16.2R2-S7 on MX Series; 17.1 versions prior to 17.1R2-S9 on MX Series; 17.2 versions prior to 17.2R1-S7, 17.2R2-S6 on MX Series; 17.3 versions prior to 17.3R2-S4, 17.3R3-S1 on MX Series; 17.4 versions prior to 17.4R1-S5 on MX Series; 18.1 versions prior to 18.1R2 on MX Series.
Analysis
by VulDB Data Team • 05/25/2023
This vulnerability affects Juniper Networks MX Series routers running specific Junos OS versions with an l2-backhaul VPN configured. It is triggered when the same MAC address is learned on two different interfaces of one device: the Layer 2 Address Learning Daemon (L2ALD) flaps the entry between the interfaces as designed, but when it later attempts to delete the duplicate entry and that entry is no longer present in its internal MAC address table, the missing-entry case is not handled and the daemon crashes, disrupting normal network operations.
The operational impact is significant for network infrastructure that relies on MX Series devices with l2-backhaul VPN configurations. When L2ALD crashes, Layer 2 forwarding is temporarily disrupted, which can cause connectivity loss and service degradation. The vulnerability is a denial-of-service condition affecting the stability of the routing platform, particularly in environments where the same MAC address is seen on multiple interfaces, which is common in complex network topologies. This issue falls under CWE-248, an unspecified flaw in the software, and aligns with ATT&CK technique T1499.004 for network denial of service attacks.
Network administrators should prioritize patching affected devices to prevent service disruption. The vulnerability only impacts MX Series devices running the listed Junos OS versions with l2-backhaul VPN configured, so patching can be scoped to exactly those devices. The affected releases span several version branches (15.1, 16.1, 16.2, 17.1, 17.2, 17.3, 17.4 and 18.1), so upgrades require careful version management and deployment planning. Mitigation should include prompt upgrade to a fixed release, monitoring of the L2ALD daemon status, and network segmentation that reduces the likelihood of the same MAC address being learned on multiple interfaces. The vulnerability demonstrates the importance of proper error handling in network daemon processes and highlights the need for robust memory management in routing software. Organizations should also consider monitoring that detects daemon crashes and automatically triggers recovery procedures to minimize service impact if the issue is triggered.
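As an added example (not from the advisory, VulDB or Juniper), the following Python checks a Junos version string, as reported by `show version`, against the affected ranges quoted in the summary above, which is the first step in scoping the upgrade work. The semantics it applies to "prior to X, Y" are an assumption: a release is treated as fixed if it is at or beyond a listed service release on the same R train, or is a later R release than the last listed fix; X-series and other special trains are reported as unrecognised rather than guessed at.

```python
import re
from typing import Optional, Tuple

# Fixed releases transcribed from the advisory summary, keyed by major.minor
# train. Each entry is (R number, S number); S is 0 when the fix is a plain
# R release such as 18.1R2. Transcribed from the page, not from Juniper's feed.
FIXED_RELEASES = {
    "15.1": [(7, 1)],            # 15.1R7-S1
    "16.1": [(4, 12), (6, 6)],   # 16.1R4-S12, 16.1R6-S6
    "16.2": [(2, 7)],            # 16.2R2-S7
    "17.1": [(2, 9)],            # 17.1R2-S9
    "17.2": [(1, 7), (2, 6)],    # 17.2R1-S7, 17.2R2-S6
    "17.3": [(2, 4), (3, 1)],    # 17.3R2-S4, 17.3R3-S1
    "17.4": [(1, 5)],            # 17.4R1-S5
    "18.1": [(2, 0)],            # 18.1R2
}

# Matches the common form "MAJOR.MINOR R<n>[-S<n>]"; X-trains (e.g. 15.1X53)
# do not match and are reported as unrecognised rather than guessed at.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?")


def parse_junos_version(version: str) -> Optional[Tuple[str, int, int]]:
    """Split e.g. '16.1R4-S11' into ('16.1', 4, 11); None if unparseable."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        return None
    return f"{m.group(1)}.{m.group(2)}", int(m.group(3)), int(m.group(4) or 0)


def is_affected(version: str) -> bool:
    """True when `version` falls in an affected range of this advisory.

    Assumed semantics for "prior to X, Y" (an interpretation, not Juniper's
    wording): a release is fixed if it is the listed service release or a later
    one on the same R train, or a later R release than the last listed fix.
    Trains the advisory does not name are treated as not affected.
    """
    parsed = parse_junos_version(version)
    if parsed is None:
        raise ValueError(f"unrecognised Junos version string: {version!r}")
    train, r, s = parsed
    fixes = FIXED_RELEASES.get(train)
    if fixes is None:
        return False
    if any(r == fix_r and s >= fix_s for fix_r, fix_s in fixes):
        return False
    return r <= max(fix_r for fix_r, _ in fixes)
```

The version check only answers the release question; a device on an affected release is still exposed only if l2-backhaul VPN is configured, as the advisory states.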