CVE-2018-0027

{"id": "CVE-2018-0027", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.2}, {"type": "Secondary", "source": "sirt@juniper.net", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2018-07-11T18:29:00.340", "references": [{"url": "http://www.securityfocus.com/bid/104721", "tags": ["Third Party Advisory", "VDB Entry"], "source": "sirt@juniper.net"}, {"url": "http://www.securitytracker.com/id/1041318", "tags": ["Third Party Advisory", "VDB Entry"], "source": "sirt@juniper.net"}, {"url": "https://kb.juniper.net/JSA10861", "tags": ["Mitigation", "Vendor Advisory"], "source": "sirt@juniper.net"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Receipt of a crafted or malformed RSVP PATH message may cause the routing protocol daemon (RPD) to hang or crash. When RPD is unavailable, routing updates cannot be processed which can lead to an extended network outage. If RSVP is not enabled on an interface, then the issue cannot be triggered via that interface. This issue only affects Juniper Networks Junos OS 16.1 versions prior to 16.1R3. This issue does not affect Junos releases prior to 16.1R1."}, {"lang": "es", "value": "La recepci\u00f3n de un mensaje RSVP PATH manipulado o mal formado podr\u00eda provocar que el demonio del protocolo de enrutamiento se bloquee o se cierre inesperadamente. Cuando RPD no est\u00e1 disponible, las actualizaciones de enrutamiento no pueden ser procesadas, lo que puede conducir a una ca\u00edda prolongada de la red. Si RSVP no est\u00e1 habilitado en una interfaz, el problema no puede ser desencadenado mediante esa interfaz. Este problema solo afecta a Juniper Networks Junos OS 16.1 en versiones anteriores a 16.1R3. Este problema no afecta a las versiones de Junos anteriores a la 16.1R1."}], "lastModified": "2019-10-09T23:31:01.267", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos:16.1:r1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BBE35BDC-7739-4854-8BB8-E8600603DE9D"}, {"criteria": "cpe:2.3:o:juniper:junos:16.1:r2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2DC47132-9EEA-4518-8F86-5CD231FBFB61"}], "operator": "OR"}]}], "sourceIdentifier": "sirt@juniper.net"}