Vulnerability-Lookup

BDU:2018-01355

Vulnerability from fstec - Published: 10.10.2018

Title

Уязвимость операционной системы JunOS коммутаторов Juniper серий QFX5000 и EX4600, позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость операционной системы JunOS коммутаторов Juniper серий QFX5000 и EX4600 связана с ошибками обработки входных данных. Эксплуатация уязвимости может позволить нарушителю вызвать отказ в обслуживании

Severity ?


                    
                      AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vendor

Juniper Networks Inc.

Software Name

JunOS

Software Version

до 14.1X53-D47 (JunOS), до 15.1R7 (JunOS), до 15.1R8 (JunOS), до 15.1X53-D233 (JunOS), до 16.1R7 (JunOS), до 16.2R3 (JunOS), до 17.1R2-S9 (JunOS), до 17.1R3 (JunOS), до 17.2R2-S6 (JunOS), до 17.2R3 (JunOS), до 17.2X75-D42 (JunOS), до 17.3R3 (JunOS), до 17.4R2 (JunOS), до 18.1R2 (JunOS)

Possible Mitigations

Использование рекомендаций: https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10888&actp=METADATA

Reference

http://www.securitytracker.com/id/1041855 https://kb.juniper.net/JSA10888

CWE

CWE-20

JSON

To clipboard

{
  "CVSS 2.0": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
  "CVSS 3.0": "AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Juniper Networks Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 14.1X53-D47 (JunOS), \u0434\u043e 15.1R7 (JunOS), \u0434\u043e 15.1R8 (JunOS), \u0434\u043e 15.1X53-D233 (JunOS), \u0434\u043e 16.1R7 (JunOS), \u0434\u043e 16.2R3 (JunOS), \u0434\u043e 17.1R2-S9 (JunOS), \u0434\u043e 17.1R3 (JunOS), \u0434\u043e 17.2R2-S6 (JunOS), \u0434\u043e 17.2R3 (JunOS), \u0434\u043e 17.2X75-D42 (JunOS), \u0434\u043e 17.3R3 (JunOS), \u0434\u043e 17.4R2 (JunOS), \u0434\u043e 18.1R2 (JunOS)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439: \nhttps://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10888\u0026actp=METADATA",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "10.10.2018",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "21.06.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "16.11.2018",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2018-01355",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2018-0054",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "JunOS",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Juniper Networks Inc. JunOS \u0434\u043e 14.1X53-D47 EX4600, Juniper Networks Inc. JunOS \u0434\u043e 14.1X53-D47 QFX 5000 series, Juniper Networks Inc. JunOS \u0434\u043e 15.1R7 QFX 5000 series, Juniper Networks Inc. JunOS \u0434\u043e 15.1R7 EX4600, Juniper Networks Inc. JunOS \u0434\u043e 15.1R8 QFX 5000 series, Juniper Networks Inc. JunOS \u0434\u043e 15.1R8 EX4600, Juniper Networks Inc. JunOS \u0434\u043e 15.1X53-D233 QFX 5000 series, Juniper Networks Inc. JunOS \u0434\u043e 15.1X53-D233 EX4600, Juniper Networks Inc. JunOS \u0434\u043e 16.1R7 QFX 5000 series, Juniper Networks Inc. JunOS \u0434\u043e 16.1R7 EX4600, Juniper Networks Inc. JunOS \u0434\u043e 16.2R3 QFX 5000 series, Juniper Networks Inc. JunOS \u0434\u043e 16.2R3 EX4600, Juniper Networks Inc. JunOS \u0434\u043e 17.1R2-S9 QFX 5000 series, Juniper Networks Inc. JunOS \u0434\u043e 17.1R2-S9 EX4600, Juniper Networks Inc. JunOS \u0434\u043e 17.1R3 QFX 5000 series, Juniper Networks Inc. JunOS \u0434\u043e 17.1R3 EX4600, Juniper Networks Inc. JunOS \u0434\u043e 17.2R2-S6 QFX 5000 series, Juniper Networks Inc. JunOS \u0434\u043e 17.2R2-S6 EX4600, Juniper Networks Inc. JunOS \u0434\u043e 17.2R3 QFX 5000 series, Juniper Networks Inc. JunOS \u0434\u043e 17.2R3 EX4600, Juniper Networks Inc. JunOS \u0434\u043e 17.2X75-D42 QFX 5000 series, Juniper Networks Inc. JunOS \u0434\u043e 17.2X75-D42 EX4600, Juniper Networks Inc. JunOS \u0434\u043e 17.3R3 QFX 5000 series, Juniper Networks Inc. JunOS \u0434\u043e 17.3R3 EX4600, Juniper Networks Inc. JunOS \u0434\u043e 17.4R2 QFX 5000 series, Juniper Networks Inc. JunOS \u0434\u043e 17.4R2 EX4600, Juniper Networks Inc. JunOS \u0434\u043e 18.1R2 QFX 5000 series, Juniper Networks Inc. JunOS \u0434\u043e 18.1R2 EX4600",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b JunOS \u043a\u043e\u043c\u043c\u0443\u0442\u0430\u0442\u043e\u0440\u043e\u0432 Juniper \u0441\u0435\u0440\u0438\u0439 QFX5000 \u0438 EX4600, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-20)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b JunOS \u043a\u043e\u043c\u043c\u0443\u0442\u0430\u0442\u043e\u0440\u043e\u0432 Juniper \u0441\u0435\u0440\u0438\u0439 QFX5000 \u0438 EX4600 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://www.securitytracker.com/id/1041855 \nhttps://kb.juniper.net/JSA10888",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-20",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,1)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,5)"
}

CVE-2018-0054 (GCVE-0-2018-0054)

Vulnerability from cvelistv5 – Published: 2018-10-10 18:00 – Updated: 2024-09-16 19:01

Title

QFX5000/EX4600 Series: Routing protocol flap upon receipt of high rate of Ethernet frames

Summary

On QFX5000 Series and EX4600 switches, a high rate of Ethernet pause frames or an ARP packet storm received on the management interface (fxp0) can cause egress interface congestion, resulting in routing protocol packet drops, such as BGP, leading to peering flaps. The following log message may also be displayed: fpc0 dcbcm_check_stuck_buffers: Buffers are stuck on queue 7 of port 45 This issue only affects the QFX5000 Series products (QFX5100, QFX5110, QFX5200, QFX5210) and the EX4600 switch. No other platforms are affected by this issue. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D47 on QFX5000 Series and EX4600; 15.1 versions prior to 15.1R7, 15.1R8 on QFX5000 Series and EX4600; 15.1X53 versions prior to 15.1X53-D233 on QFX5000 Series and EX4600; 16.1 versions prior to 16.1R7 on QFX5000 Series and EX4600; 16.2 versions prior to 16.2R3 on QFX5000 Series and EX4600; 17.1 versions prior to 17.1R2-S9, 17.1R3 on QFX5000 Series and EX4600; 17.2 versions prior to 17.2R2-S6, 17.2R3 on QFX5000 Series and EX4600; 17.2X75 versions prior to 17.2X75-D42 on QFX5000 Series and EX4600; 17.3 versions prior to 17.3R3 on QFX5000 Series and EX4600; 17.4 versions prior to 17.4R2 on QFX5000 Series and EX4600; 18.1 versions prior to 18.1R2 on QFX5000 Series and EX4600.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

Denial of service

Assigner

juniper

References

URL

Tags

	https://kb.juniper.net/JSA10888	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1041855	vdb-entryx_refsource_SECTRACK

Impacted products

	Vendor	Product	Version
	Juniper Networks	Junos OS	Affected: 14.1X53 , < 14.1X53-D47 (custom) Affected: 15.1 , < 15.1R7, 15.1R8 (custom) Affected: 15.1X53 , < 15.1X53-D233 (custom) Affected: 16.1 , < 16.1R7 (custom) Affected: 16.2 , < 16.2R3 (custom) Affected: 17.1 , < 17.1R2-S9, 17.1R3 (custom) Affected: 17.2 , < 17.2R2-S6, 17.2R3 (custom) Affected: 17.2X75 , < 17.2X75-D42 (custom) Affected: 17.3 , < 17.3R3 (custom) Affected: 17.4 , < 17.4R2 (custom) Affected: 18.1 , < 18.1R2 (custom)

Date Public ?

2018-10-10 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:14:16.517Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA10888"
          },
          {
            "name": "1041855",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041855"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "QFX5000 Series and EX4600"
          ],
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "14.1X53-D47",
              "status": "affected",
              "version": "14.1X53",
              "versionType": "custom"
            },
            {
              "lessThan": "15.1R7, 15.1R8",
              "status": "affected",
              "version": "15.1",
              "versionType": "custom"
            },
            {
              "lessThan": "15.1X53-D233",
              "status": "affected",
              "version": "15.1X53",
              "versionType": "custom"
            },
            {
              "lessThan": "16.1R7",
              "status": "affected",
              "version": "16.1",
              "versionType": "custom"
            },
            {
              "lessThan": "16.2R3",
              "status": "affected",
              "version": "16.2",
              "versionType": "custom"
            },
            {
              "lessThan": "17.1R2-S9, 17.1R3",
              "status": "affected",
              "version": "17.1",
              "versionType": "custom"
            },
            {
              "lessThan": "17.2R2-S6, 17.2R3",
              "status": "affected",
              "version": "17.2",
              "versionType": "custom"
            },
            {
              "lessThan": "17.2X75-D42",
              "status": "affected",
              "version": "17.2X75",
              "versionType": "custom"
            },
            {
              "lessThan": "17.3R3",
              "status": "affected",
              "version": "17.3",
              "versionType": "custom"
            },
            {
              "lessThan": "17.4R2",
              "status": "affected",
              "version": "17.4",
              "versionType": "custom"
            },
            {
              "lessThan": "18.1R2",
              "status": "affected",
              "version": "18.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2018-10-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "On QFX5000 Series and EX4600 switches, a high rate of Ethernet pause frames or an ARP packet storm received on the management interface (fxp0) can cause egress interface congestion, resulting in routing protocol packet drops, such as BGP, leading to peering flaps. The following log message may also be displayed: fpc0 dcbcm_check_stuck_buffers: Buffers are stuck on queue 7 of port 45 This issue only affects the QFX5000 Series products (QFX5100, QFX5110, QFX5200, QFX5210) and the EX4600 switch. No other platforms are affected by this issue. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D47 on QFX5000 Series and EX4600; 15.1 versions prior to 15.1R7, 15.1R8 on QFX5000 Series and EX4600; 15.1X53 versions prior to 15.1X53-D233 on QFX5000 Series and EX4600; 16.1 versions prior to 16.1R7 on QFX5000 Series and EX4600; 16.2 versions prior to 16.2R3 on QFX5000 Series and EX4600; 17.1 versions prior to 17.1R2-S9, 17.1R3 on QFX5000 Series and EX4600; 17.2 versions prior to 17.2R2-S6, 17.2R3 on QFX5000 Series and EX4600; 17.2X75 versions prior to 17.2X75-D42 on QFX5000 Series and EX4600; 17.3 versions prior to 17.3R3 on QFX5000 Series and EX4600; 17.4 versions prior to 17.4R2 on QFX5000 Series and EX4600; 18.1 versions prior to 18.1R2 on QFX5000 Series and EX4600."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of service",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T09:57:01.000Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/JSA10888"
        },
        {
          "name": "1041855",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041855"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "The following software releases have been updated to resolve this specific issue: 14.1X53-D47, 15.1R7, 15.1R8, 15.1X53-D233, 16.1R7, 16.2R3, 17.1R2-S9, 17.1R3, 17.2R2-S6, 17.2R3, 17.2X75-D42, 17.3R3, 17.4R2, 18.1R2, 18.2R1, 18.2X75-D5, and all subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA10888",
        "defect": [
          "1343597"
        ],
        "discovery": "USER"
      },
      "title": "QFX5000/EX4600 Series: Routing protocol flap upon receipt of high rate of Ethernet frames",
      "workarounds": [
        {
          "lang": "en",
          "value": "For BGP, configure \u0027ether-options no-flow-control\u0027 on the BGP interface."
        },
        {
          "lang": "en",
          "value": "Configure the lossless percentage of ingress shared buffer pool to be greater than the egress shared buffer pool.  For example:\n\n  [edit class-of-service shared-buffer]\n  user@switch# set ingress buffer-partition lossless percent \u003cpercent\u003e\n  user@switch# set egress buffer-partition lossless percent \u003cpercent\u003e"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "DATE_PUBLIC": "2018-10-10T16:00:00.000Z",
          "ID": "CVE-2018-0054",
          "STATE": "PUBLIC",
          "TITLE": "QFX5000/EX4600 Series: Routing protocol flap upon receipt of high rate of Ethernet frames"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Junos OS",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "platform": "QFX5000 Series and EX4600",
                            "version_affected": "\u003c",
                            "version_name": "14.1X53",
                            "version_value": "14.1X53-D47"
                          },
                          {
                            "affected": "\u003c",
                            "platform": "QFX5000 Series and EX4600",
                            "version_affected": "\u003c",
                            "version_name": "15.1",
                            "version_value": "15.1R7, 15.1R8"
                          },
                          {
                            "affected": "\u003c",
                            "platform": "QFX5000 Series and EX4600",
                            "version_affected": "\u003c",
                            "version_name": "15.1X53",
                            "version_value": "15.1X53-D233"
                          },
                          {
                            "affected": "\u003c",
                            "platform": "QFX5000 Series and EX4600",
                            "version_affected": "\u003c",
                            "version_name": "16.1",
                            "version_value": "16.1R7"
                          },
                          {
                            "affected": "\u003c",
                            "platform": "QFX5000 Series and EX4600",
                            "version_affected": "\u003c",
                            "version_name": "16.2",
                            "version_value": "16.2R3"
                          },
                          {
                            "affected": "\u003c",
                            "platform": "QFX5000 Series and EX4600",
                            "version_affected": "\u003c",
                            "version_name": "17.1",
                            "version_value": "17.1R2-S9, 17.1R3"
                          },
                          {
                            "affected": "\u003c",
                            "platform": "QFX5000 Series and EX4600",
                            "version_affected": "\u003c",
                            "version_name": "17.2",
                            "version_value": "17.2R2-S6, 17.2R3"
                          },
                          {
                            "affected": "\u003c",
                            "platform": "QFX5000 Series and EX4600",
                            "version_affected": "\u003c",
                            "version_name": "17.2X75",
                            "version_value": "17.2X75-D42"
                          },
                          {
                            "affected": "\u003c",
                            "platform": "QFX5000 Series and EX4600",
                            "version_affected": "\u003c",
                            "version_name": "17.3",
                            "version_value": "17.3R3"
                          },
                          {
                            "affected": "\u003c",
                            "platform": "QFX5000 Series and EX4600",
                            "version_affected": "\u003c",
                            "version_name": "17.4",
                            "version_value": "17.4R2"
                          },
                          {
                            "affected": "\u003c",
                            "platform": "QFX5000 Series and EX4600",
                            "version_affected": "\u003c",
                            "version_name": "18.1",
                            "version_value": "18.1R2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Juniper Networks"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "On QFX5000 Series and EX4600 switches, a high rate of Ethernet pause frames or an ARP packet storm received on the management interface (fxp0) can cause egress interface congestion, resulting in routing protocol packet drops, such as BGP, leading to peering flaps. The following log message may also be displayed: fpc0 dcbcm_check_stuck_buffers: Buffers are stuck on queue 7 of port 45 This issue only affects the QFX5000 Series products (QFX5100, QFX5110, QFX5200, QFX5210) and the EX4600 switch. No other platforms are affected by this issue. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D47 on QFX5000 Series and EX4600; 15.1 versions prior to 15.1R7, 15.1R8 on QFX5000 Series and EX4600; 15.1X53 versions prior to 15.1X53-D233 on QFX5000 Series and EX4600; 16.1 versions prior to 16.1R7 on QFX5000 Series and EX4600; 16.2 versions prior to 16.2R3 on QFX5000 Series and EX4600; 17.1 versions prior to 17.1R2-S9, 17.1R3 on QFX5000 Series and EX4600; 17.2 versions prior to 17.2R2-S6, 17.2R3 on QFX5000 Series and EX4600; 17.2X75 versions prior to 17.2X75-D42 on QFX5000 Series and EX4600; 17.3 versions prior to 17.3R3 on QFX5000 Series and EX4600; 17.4 versions prior to 17.4R2 on QFX5000 Series and EX4600; 18.1 versions prior to 18.1R2 on QFX5000 Series and EX4600."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
          }
        ],
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of service"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/JSA10888",
              "refsource": "CONFIRM",
              "url": "https://kb.juniper.net/JSA10888"
            },
            {
              "name": "1041855",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041855"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "The following software releases have been updated to resolve this specific issue: 14.1X53-D47, 15.1R7, 15.1R8, 15.1X53-D233, 16.1R7, 16.2R3, 17.1R2-S9, 17.1R3, 17.2R2-S6, 17.2R3, 17.2X75-D42, 17.3R3, 17.4R2, 18.1R2, 18.2R1, 18.2X75-D5, and all subsequent releases."
          }
        ],
        "source": {
          "advisory": "JSA10888",
          "defect": [
            "1343597"
          ],
          "discovery": "USER"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "For BGP, configure \u0027ether-options no-flow-control\u0027 on the BGP interface."
          },
          {
            "lang": "en",
            "value": "Configure the lossless percentage of ingress shared buffer pool to be greater than the egress shared buffer pool.  For example:\n\n  [edit class-of-service shared-buffer]\n  user@switch# set ingress buffer-partition lossless percent \u003cpercent\u003e\n  user@switch# set egress buffer-partition lossless percent \u003cpercent\u003e"
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2018-0054",
    "datePublished": "2018-10-10T18:00:00.000Z",
    "dateReserved": "2017-11-16T00:00:00.000Z",
    "dateUpdated": "2024-09-16T19:01:31.909Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2018-01355

CVE-2018-0054 (GCVE-0-2018-0054)

Tags

Sightings

Nomenclature