First published: Wed Oct 10 2018
Receipt of a specific Draft-Rosen MVPN control packet may cause the routing protocol daemon (RPD) process to crash and restart or may lead to remote code execution. By continuously sending the same specific Draft-Rosen MVPN control packet, an attacker can repeatedly crash the RPD process causing a prolonged denial of service.

This issue may occur when the Junos OS device is configured for Draft-Rosen multicast virtual private network (MVPN). The VPN is multicast-enabled and configured to use Protocol Independent Multicast (PIM) protocol within the VPN. This issue can only be exploited from the PE device within the MPLS domain which is capable of forwarding IP multicast traffic in core. End-users connected to the CE device cannot cause this crash.

Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D77 on SRX Series; 12.3 versions prior to 12.3R12-S10; 12.3X48 versions prior to 12.3X48-D70 on SRX Series; 15.1 versions prior to 15.1R4-S9, 15.1R6-S6, 15.1R7; 15.1F6; 15.1X49 versions prior to 15.1X49-D140 on SRX Series; 15.1X53 versions prior to 15.1X53-D59 on EX2300/EX3400 Series; 15.1X53 versions prior to 15.1X53-D67 on QFX10K Series; 15.1X53 versions prior to 15.1X53-D233 on QFX5200/QFX5110 Series; 15.1X53 versions prior to 15.1X53-D471, 15.1X53-D490 on NFX Series; 16.1 versions prior to 16.1R4-S9, 16.1R5-S4, 16.1R6-S3, 16.1R7; 16.2 versions prior to 16.2R1-S6, 16.2R2-S6, 16.2R3; 17.1 versions prior to 17.1R1-S7, 17.1R2-S7, 17.1R3; 17.2 versions prior to 17.2R2-S4, 17.2R3; 17.3 versions prior to 17.3R2-S2, 17.3R3; 17.4 versions prior to 17.4R1-S3, 17.4R2; 18.1 versions prior to 18.1R2.

No other Juniper Networks products or platforms are affected by this issue.
Credit: sirt@juniper.net
Affected Software | Affected Version | How to fix |
---|---|---|
Junos OS Evolved | =12.1x46 | |
Junos OS Evolved | =12.1x46-d10 | |
Junos OS Evolved | =12.1x46-d15 | |
Junos OS Evolved | =12.1x46-d20 | |
Junos OS Evolved | =12.1x46-d25 | |
Junos OS Evolved | =12.1x46-d30 | |
Junos OS Evolved | =12.1x46-d35 | |
Junos OS Evolved | =12.1x46-d40 | |
Junos OS Evolved | =12.1x46-d45 | |
Junos OS Evolved | =12.1x46-d50 | |
Junos OS Evolved | =12.1x46-d55 | |
Junos OS Evolved | =12.1x46-d60 | |
Juniper SRX100 | ||
Juniper SRX110 | ||
Juniper SRX1500 | ||
Juniper SRX210 | ||
Juniper SRX220 | ||
Juniper SRX240M | ||
Juniper SRX300 | ||
Juniper SRX320 | ||
Juniper SRX340 | ||
Juniper SRX345 | ||
Juniper SRX4100 | ||
Juniper SRX4200 | ||
Juniper SRX4600 | ||
Juniper SRX550 | ||
Juniper SRX650 | ||
Junos OS Evolved | =12.3 | |
Junos OS Evolved | =12.3-r1 | |
Junos OS Evolved | =12.3-r11 | |
Junos OS Evolved | =12.3-r2 | |
Junos OS Evolved | =12.3-r3 | |
Junos OS Evolved | =12.3-r4 | |
Junos OS Evolved | =12.3-r5 | |
Junos OS Evolved | =12.3-r6 | |
Junos OS Evolved | =12.3-r7 | |
Junos OS Evolved | =12.3-r8 | |
Junos OS Evolved | =12.3-r9 | |
Junos OS Evolved | =12.3x48 | |
Junos OS Evolved | =12.3x48-d10 | |
Junos OS Evolved | =12.3x48-d15 | |
Junos OS Evolved | =12.3x48-d25 | |
Junos OS Evolved | =12.3x48-d30 | |
Junos OS Evolved | =12.3x48-d35 | |
Junos OS Evolved | =12.3x48-d40 | |
Junos OS Evolved | =12.3x48-d45 | |
Junos OS Evolved | =12.3x48-d50 | |
Junos OS Evolved | =12.3x48-d55 | |
Junos OS Evolved | =12.3x48-d60 | |
Junos OS Evolved | =12.3x48-d65 | |
Junos OS Evolved | =15.1 | |
Junos OS Evolved | =15.1-f3 | |
Junos OS Evolved | =15.1-f4 | |
Junos OS Evolved | =15.1-f5 | |
Junos OS Evolved | =15.1-r1 | |
Junos OS Evolved | =15.1-r2 | |
Junos OS Evolved | =15.1-r3 | |
Junos OS Evolved | =15.1-f6 | |
Junos OS Evolved | =15.1x49 | |
Junos OS Evolved | =15.1x49-d10 | |
Junos OS Evolved | =15.1x49-d100 | |
Junos OS Evolved | =15.1x49-d110 | |
Junos OS Evolved | =15.1x49-d120 | |
Junos OS Evolved | =15.1x49-d130 | |
Junos OS Evolved | =15.1x49-d20 | |
Junos OS Evolved | =15.1x49-d30 | |
Junos OS Evolved | =15.1x49-d35 | |
Junos OS Evolved | =15.1x49-d40 | |
Junos OS Evolved | =15.1x49-d45 | |
Junos OS Evolved | =15.1x49-d50 | |
Junos OS Evolved | =15.1x49-d55 | |
Junos OS Evolved | =15.1x49-d60 | |
Junos OS Evolved | =15.1x49-d65 | |
Junos OS Evolved | =15.1x49-d70 | |
Junos OS Evolved | =15.1x49-d75 | |
Junos OS Evolved | =15.1x49-d80 | |
Junos OS Evolved | =15.1x49-d90 | |
Junos OS Evolved | =15.1x53 | |
Junos OS Evolved | =15.1x53-d20 | |
Junos OS Evolved | =15.1x53-d21 | |
Junos OS Evolved | =15.1x53-d25 | |
Junos OS Evolved | =15.1x53-d30 | |
Junos OS Evolved | =15.1x53-d32 | |
Junos OS Evolved | =15.1x53-d33 | |
Junos OS Evolved | =15.1x53-d34 | |
Junos OS Evolved | =15.1x53-d40 | |
Junos OS Evolved | =15.1x53-d45 | |
Junos OS Evolved | =15.1x53-d50 | |
Junos OS Evolved | =15.1x53-d51 | |
Junos OS Evolved | =15.1x53-d52 | |
Junos OS Evolved | =15.1x53-d55 | |
Junos OS Evolved | =15.1x53-d57 | |
Junos OS Evolved | =15.1x53-d58 | |
Juniper EX2300-24T | ||
Juniper EX3400 | ||
Junos OS Evolved | =15.1x53-d60 | |
Junos OS Evolved | =15.1x53-d61 | |
Junos OS Evolved | =15.1x53-d62 | |
Junos OS Evolved | =15.1x53-d63 | |
Junos OS Evolved | =15.1x53-d64 | |
Junos OS Evolved | =15.1x53-d65 | |
Junos OS Evolved | =15.1x53-d66 | |
Juniper Networks QFX-Series | ||
Junos OS Evolved | =15.1x53-d210 | |
Junos OS Evolved | =15.1x53-d230 | |
Junos OS Evolved | =15.1x53-d231 | |
Junos OS Evolved | =15.1x53-d232 | |
Juniper QFX5110 | ||
Juniper QFX5200-32C | ||
Junos OS Evolved | =15.1x53-d490 | |
Juniper NFX | ||
Junos OS Evolved | =16.1 | |
Junos OS Evolved | =16.1-r1 | |
Junos OS Evolved | =16.1-r2 | |
Junos OS Evolved | =16.1-r3 | |
Junos OS Evolved | =16.2 | |
Junos OS Evolved | =16.2-r1 | |
Junos OS Evolved | =17.1 | |
Junos OS Evolved | =17.2 | |
Junos OS Evolved | =17.2-r1 | |
Junos OS Evolved | =17.2-r2 | |
Junos OS Evolved | =17.3 | |
Junos OS Evolved | =17.3-r1 | |
Junos OS Evolved | =17.4 | |
Junos OS Evolved | =18.1 | |
Junos OS Evolved | =18.1-r1 | |
The following software releases have been updated to resolve this specific issue: 12.1X46-D77, 12.3R12-S10, 12.3X48-D70, 15.1R4-S9, 15.1R6-S6, 15.1R7, 15.1X49-D140, 15.1X53-D233, 15.1X53-D471, 15.1X53-D490, 15.1X53-D59, 15.1X53-D67, 16.1R4-S9, 16.1R5-S4, 16.1R6-S3, 16.1R7, 16.2R1-S6, 16.2R2-S6, 16.2R3, 17.1R1-S7, 17.1R2-S7, 17.1R3, 17.2R2-S4, 17.2R3, 17.3R2-S2, 17.3R3, 17.4R1-S3, 17.4R2, 18.1R2, 18.2R1, 18.2X75-D5 and all subsequent releases.
CVE-2018-0045 has been classified as a critical vulnerability due to its potential for remote code execution and disruption of the routing protocol daemon.
To fix CVE-2018-0045, you should upgrade to the latest patched version of Juniper JUNOS that addresses this vulnerability.
Affected versions include several releases of Juniper JUNOS from 12.1x46 to 18.1, specifically those mentioned within the CVE description.
CVE-2018-0045 can lead to crashes of the RPD process and potentially allow an attacker to execute arbitrary code remotely.
You can check whether a device is vulnerable by verifying whether it is running one of the affected versions of Juniper JUNOS mentioned above.