Juniper Junos VLAN Authentication Authentication Request resource management

Summaryinfo

A vulnerability, which was classified as problematic, was found in Juniper Junos. The affected element is an unknown function of the component VLAN Authentication Handler. Such manipulation as part of Authentication Request leads to resource management. This vulnerability is uniquely identified as CVE-2018-0006. The attack can only be initiated within the local network. No exploit exists. You should upgrade the affected component.

Detailsinfo

A vulnerability was found in Juniper Junos (Router Operating System) (affected version not known) and classified as problematic. Affected by this issue is some unknown functionality of the component VLAN Authentication Handler. The manipulation as part of a Authentication Request leads to a resource management vulnerability. Using CWE to declare the problem leads to CWE-399. Impacted is availability. CVE summarizes:

A high rate of VLAN authentication attempts sent from an adjacent host on the local broadcast domain can trigger high memory utilization by the BBE subscriber management daemon (bbe-smgd), and lead to a denial of service condition. The issue was caused by attempting to process an unbounded number of pending VLAN authentication requests, leading to excessive memory allocation. This issue only affects devices configured for DHCPv4/v6 over AE auto-sensed VLANs, utilized in Broadband Edge (BBE) deployments. Other configurations are unaffected by this issue. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1R6-S2, 15.1R7; 16.1 versions prior to 16.1R5-S1, 16.1R6; 16.2 versions prior to 16.2R2-S2, 16.2R3; 17.1 versions prior to 17.1R2-S5, 17.1R3; 17.2 versions prior to 17.2R2.

The bug was discovered 01/10/2018. The weakness was disclosed 01/10/2018 (Website). The advisory is available at kb.juniper.net. This vulnerability is handled as CVE-2018-0006 since 11/16/2017. The attack can only be initiated within the local network. No form of authentication is required for exploitation. The technical details are unknown and an exploit is not available.

The vulnerability scanner Nessus provides a plugin with the ID 106391 (Juniper Junos VLAN authentication processing DoS (JSA10834)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Junos Local Security Checks and running in the context c. The commercial vulnerability scanner Qualys is able to test this issue with plugin 43623 (Juniper Junos OS bbe-smgd process Denial of service Vulnerability (JSA10834)).

Upgrading eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.

The vulnerability is also documented in the vulnerability database at Tenable (106391). The entries VDB-111724, VDB-111723, VDB-111720 and VDB-111719 are pretty similar. If you want to get best quality of vulnerability data, you may have to visit VulDB.

Productinfo

Type

• Router Operating System

Vendor

• Juniper

Name

• Junos

License

• commercial

Website

• Vendor: https://www.juniper.net/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Discussion