CVE-2018-0057 (GCVE-0-2018-0057)

Vulnerability from cvelistv5 – Published: 2018-10-10 18:00 – Updated: 2024-09-17 02:10
VLAI?
Summary
On MX Series and M120/M320 platforms configured in a Broadband Edge (BBE) environment, subscribers logging in with DHCP Option 50 to request a specific IP address will be assigned the requested IP address, even if there is a static MAC to IP address binding in the access profile. In the problem scenario, with a hardware-address and IP address configured under address-assignment pool, if a subscriber logging in with DHCP Option 50, the subscriber will not be assigned an available address from the matched pool, but will still get the requested IP address. A malicious DHCP subscriber may be able to utilize this vulnerability to create duplicate IP address assignments, leading to a denial of service for valid subscribers or unauthorized information disclosure via IP address assignment spoofing. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S2, 15.1R8; 16.1 versions prior to 16.1R4-S12, 16.1R7-S2, 16.1R8; 16.2 versions prior to 16.2R2-S7, 16.2R3; 17.1 versions prior to 17.1R2-S9, 17.1R3; 17.2 versions prior to 17.2R1-S7, 17.2R2-S6, 17.2R3; 17.3 versions prior to 17.3R2-S4, 17.3R3; 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R2-S3, 18.1R3.
Severity ?
6.1 (Medium)
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L
CWE
  • Information disclosure
  • Denial of service
Assigner
References
https://kb.juniper.net/JSA10892 x_refsource_CONFIRM
Impacted products
Vendor Product Version
Juniper Networks Junos OS Affected: 15.1 , < 15.1R7-S2, 15.1R8 (custom)
Affected: 16.1 , < 16.1R4-S12, 16.1R7-S2, 16.1R8 (custom)
Affected: 16.2 , < 16.2R2-S7, 16.2R3 (custom)
Affected: 17.1 , < 17.1R2-S9, 17.1R3 (custom)
Affected: 17.2 , < 17.2R1-S7, 17.2R2-S6, 17.2R3 (custom)
Affected: 17.3 , < 17.3R2-S4, 17.3R3 (custom)
Affected: 17.4 , < 17.4R2 (custom)
Affected: 18.1 , < 18.1R2-S3, 18.1R3 (custom)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:14:16.658Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA10892"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "15.1R7-S2, 15.1R8",
              "status": "affected",
              "version": "15.1",
              "versionType": "custom"
            },
            {
              "lessThan": "16.1R4-S12, 16.1R7-S2, 16.1R8",
              "status": "affected",
              "version": "16.1",
              "versionType": "custom"
            },
            {
              "lessThan": "16.2R2-S7, 16.2R3",
              "status": "affected",
              "version": "16.2",
              "versionType": "custom"
            },
            {
              "lessThan": "17.1R2-S9, 17.1R3",
              "status": "affected",
              "version": "17.1",
              "versionType": "custom"
            },
            {
              "lessThan": "17.2R1-S7, 17.2R2-S6, 17.2R3",
              "status": "affected",
              "version": "17.2",
              "versionType": "custom"
            },
            {
              "lessThan": "17.3R2-S4, 17.3R3",
              "status": "affected",
              "version": "17.3",
              "versionType": "custom"
            },
            {
              "lessThan": "17.4R2",
              "status": "affected",
              "version": "17.4",
              "versionType": "custom"
            },
            {
              "lessThan": "18.1R2-S3, 18.1R3",
              "status": "affected",
              "version": "18.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2018-10-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "On MX Series and M120/M320 platforms configured in a Broadband Edge (BBE) environment, subscribers logging in with DHCP Option 50 to request a specific IP address will be assigned the requested IP address, even if there is a static MAC to IP address binding in the access profile. In the problem scenario, with a hardware-address and IP address configured under address-assignment pool, if a subscriber logging in with DHCP Option 50, the subscriber will not be assigned an available address from the matched pool, but will still get the requested IP address. A malicious DHCP subscriber may be able to utilize this vulnerability to create duplicate IP address assignments, leading to a denial of service for valid subscribers or unauthorized information disclosure via IP address assignment spoofing. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S2, 15.1R8; 16.1 versions prior to 16.1R4-S12, 16.1R7-S2, 16.1R8; 16.2 versions prior to 16.2R2-S7, 16.2R3; 17.1 versions prior to 17.1R2-S9, 17.1R3; 17.2 versions prior to 17.2R1-S7, 17.2R2-S6, 17.2R3; 17.3 versions prior to 17.3R2-S4, 17.3R3; 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R2-S3, 18.1R3."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        },
        {
          "descriptions": [
            {
              "description": "Denial of service",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T17:57:01",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/JSA10892"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "The following software releases have been updated to resolve this specific issue: 15.1R7-S2, 15.1R8, 16.1R4-S12, 16.1R7-S2, 16.1R8, 16.2R2-S7, 16.2R3, 17.1R2-S9, 17.1R3, 17.2R1-S7, 17.2R2-S6, 17.2R3, 17.3R2-S4, 17.3R3, 17.4R2, 18.1R2-S3, 18.1R3, 18.2R1, 18.3R1, and all subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA10892",
        "defect": [
          "1351334"
        ],
        "discovery": "USER"
      },
      "title": "Junos OS: authd allows assignment of IP address requested by DHCP subscriber logging in with Option 50 (Requested IP Address)",
      "workarounds": [
        {
          "lang": "en",
          "value": "There are no viable workarounds for this issue"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "DATE_PUBLIC": "2018-10-10T16:00:00.000Z",
          "ID": "CVE-2018-0057",
          "STATE": "PUBLIC",
          "TITLE": "Junos OS: authd allows assignment of IP address requested by DHCP subscriber logging in with Option 50 (Requested IP Address)"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Junos OS",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_name": "15.1",
                            "version_value": "15.1R7-S2, 15.1R8"
                          },
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_name": "16.1",
                            "version_value": "16.1R4-S12, 16.1R7-S2, 16.1R8"
                          },
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_name": "16.2",
                            "version_value": "16.2R2-S7, 16.2R3"
                          },
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_name": "17.1",
                            "version_value": "17.1R2-S9, 17.1R3"
                          },
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_name": "17.2",
                            "version_value": "17.2R1-S7, 17.2R2-S6, 17.2R3"
                          },
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_name": "17.3",
                            "version_value": "17.3R2-S4, 17.3R3"
                          },
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_name": "17.4",
                            "version_value": "17.4R2"
                          },
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_name": "18.1",
                            "version_value": "18.1R2-S3, 18.1R3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Juniper Networks"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "On MX Series and M120/M320 platforms configured in a Broadband Edge (BBE) environment, subscribers logging in with DHCP Option 50 to request a specific IP address will be assigned the requested IP address, even if there is a static MAC to IP address binding in the access profile. In the problem scenario, with a hardware-address and IP address configured under address-assignment pool, if a subscriber logging in with DHCP Option 50, the subscriber will not be assigned an available address from the matched pool, but will still get the requested IP address. A malicious DHCP subscriber may be able to utilize this vulnerability to create duplicate IP address assignments, leading to a denial of service for valid subscribers or unauthorized information disclosure via IP address assignment spoofing. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S2, 15.1R8; 16.1 versions prior to 16.1R4-S12, 16.1R7-S2, 16.1R8; 16.2 versions prior to 16.2R2-S7, 16.2R3; 17.1 versions prior to 17.1R2-S9, 17.1R3; 17.2 versions prior to 17.2R1-S7, 17.2R2-S6, 17.2R3; 17.3 versions prior to 17.3R2-S4, 17.3R3; 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R2-S3, 18.1R3."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
          }
        ],
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information disclosure"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of service"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/JSA10892",
              "refsource": "CONFIRM",
              "url": "https://kb.juniper.net/JSA10892"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "The following software releases have been updated to resolve this specific issue: 15.1R7-S2, 15.1R8, 16.1R4-S12, 16.1R7-S2, 16.1R8, 16.2R2-S7, 16.2R3, 17.1R2-S9, 17.1R3, 17.2R1-S7, 17.2R2-S6, 17.2R3, 17.3R2-S4, 17.3R3, 17.4R2, 18.1R2-S3, 18.1R3, 18.2R1, 18.3R1, and all subsequent releases."
          }
        ],
        "source": {
          "advisory": "JSA10892",
          "defect": [
            "1351334"
          ],
          "discovery": "USER"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "There are no viable workarounds for this issue"
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2018-0057",
    "datePublished": "2018-10-10T18:00:00Z",
    "dateReserved": "2017-11-16T00:00:00",
    "dateUpdated": "2024-09-17T02:10:54.305Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:15.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BD0952C4-FFCC-4A78-ADFC-289BD6E269DB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:15.1:f2:*:*:*:*:*:*\", \"matchCriteriaId\": \"1C56E6C3-BBB6-4853-91D9-99C7676D0CD4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:15.1:f3:*:*:*:*:*:*\", \"matchCriteriaId\": \"0E0ECBD8-3D66-49DA-A557-5695159F0C06\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:15.1:f4:*:*:*:*:*:*\", \"matchCriteriaId\": \"0EAA2998-A0D6-4818-9E7C-25E8099403E7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:15.1:f5:*:*:*:*:*:*\", \"matchCriteriaId\": \"2D4ADFC5-D4B8-4A68-95D8-8ADF92C1CFE8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:15.1:f6:*:*:*:*:*:*\", \"matchCriteriaId\": \"71D211B9-B2FE-4324-AAEE-8825D5238E48\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:15.1:r1:*:*:*:*:*:*\", \"matchCriteriaId\": \"D0D3EA8F-4D30-4383-AF2F-0FB6D822D0F3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:15.1:r2:*:*:*:*:*:*\", \"matchCriteriaId\": \"0E6CD065-EC06-4846-BD2A-D3CA7866070F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:15.1:r3:*:*:*:*:*:*\", \"matchCriteriaId\": \"C7620D01-1A6B-490F-857E-0D803E0AEE56\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:15.1:r4:*:*:*:*:*:*\", \"matchCriteriaId\": \"4A1545CE-279F-4EE2-8913-8F3B2FAFE7F6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:15.1:r5:*:*:*:*:*:*\", \"matchCriteriaId\": \"08FC0245-A4FF-42C0-A236-8569301E351A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:15.1:r6:*:*:*:*:*:*\", \"matchCriteriaId\": \"120EA9E3-788B-4CFD-A74F-17111FFD0131\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:16.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2AC40ABB-E364-46C9-A904-C0ED02806250\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:16.1:r1:*:*:*:*:*:*\", \"matchCriteriaId\": \"BBE35BDC-7739-4854-8BB8-E8600603DE9D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:16.1:r2:*:*:*:*:*:*\", \"matchCriteriaId\": \"2DC47132-9EEA-4518-8F86-5CD231FBFB61\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:16.1:r3:*:*:*:*:*:*\", \"matchCriteriaId\": \"CD5A30CE-9498-4007-8E66-FD0CC6CF1836\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:16.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4D571B57-4F4C-4232-9D3B-B2F7AAAB220B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:16.2:r1:*:*:*:*:*:*\", \"matchCriteriaId\": \"3661BC68-6F32-447F-8D20-FD73FBBED9C6\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:17.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"50B47EC5-0276-4799-B536-12B33B5F003B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:17.1:r1:*:*:*:*:*:*\", \"matchCriteriaId\": \"7572C187-4D58-4E0D-A605-B2B13EFF5C6B\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:17.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"64EB45C0-E3BD-4C0D-9E97-1DB726D66401\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:17.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0F69A0E5-B61B-405D-B501-9CB306651CEA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:17.3:r1:*:*:*:*:*:*\", \"matchCriteriaId\": \"38A40E03-F915-4888-87B0-5950F75F097D\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:17.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"974B6128-ABD2-4D9C-87A1-5F1740DDCB95\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:17.4:r1:*:*:*:*:*:*\", \"matchCriteriaId\": \"988D317A-0646-491F-9B97-853E8E208276\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:18.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BBF736F6-ED05-4DC1-96FB-3F35BA5B3EFD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:18.1:r1:*:*:*:*:*:*\", \"matchCriteriaId\": \"B0A756E2-C320-405A-B24F-7C5022649E5A\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"On MX Series and M120/M320 platforms configured in a Broadband Edge (BBE) environment, subscribers logging in with DHCP Option 50 to request a specific IP address will be assigned the requested IP address, even if there is a static MAC to IP address binding in the access profile. In the problem scenario, with a hardware-address and IP address configured under address-assignment pool, if a subscriber logging in with DHCP Option 50, the subscriber will not be assigned an available address from the matched pool, but will still get the requested IP address. A malicious DHCP subscriber may be able to utilize this vulnerability to create duplicate IP address assignments, leading to a denial of service for valid subscribers or unauthorized information disclosure via IP address assignment spoofing. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S2, 15.1R8; 16.1 versions prior to 16.1R4-S12, 16.1R7-S2, 16.1R8; 16.2 versions prior to 16.2R2-S7, 16.2R3; 17.1 versions prior to 17.1R2-S9, 17.1R3; 17.2 versions prior to 17.2R1-S7, 17.2R2-S6, 17.2R3; 17.3 versions prior to 17.3R2-S4, 17.3R3; 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R2-S3, 18.1R3.\"}, {\"lang\": \"es\", \"value\": \"En las plataformas MX Series y M120/M320 configuradas en un entorno Broadband Edge (BBE), los suscriptores que inician sesi\\u00f3n con DHCP Option 50 para solicitar una direcci\\u00f3n IP espec\\u00edfica tendr\\u00e1n asignada la direcci\\u00f3n IP que soliciten, incluso aunque haya un enlace de MAC est\\u00e1tica a direcci\\u00f3n IP en el perfil de acceso. En el escenario de problemas, con una direcci\\u00f3n de hardware y una direcci\\u00f3n IP configurada bajo el grupo address-assignment, si un suscriptor inicia sesi\\u00f3n con DHCP Option 50, \\u00e9ste no recibir\\u00e1 una direcci\\u00f3n disponible del grupo de coincidencias, pero seguir\\u00e1 recibiendo la direcci\\u00f3n IP solicitada. Un suscriptor DHCP malicioso podr\\u00eda ser capaz de emplear esta vulnerabilidad para crear asignaciones de direcciones IP duplicadas, lo que conduce a una denegaci\\u00f3n de servicio (DoS) para los suscriptores v\\u00e1lidos o la divulgaci\\u00f3n de informaci\\u00f3n no autorizada mediante la suplantaci\\u00f3n de asignaciones de direcciones IP. Las versiones afectadas de Juniper Networks Junos OS son: 15.1 en versiones anteriores a la 15.1R7-S2, 15.1R8; 16.1 en versiones anteriores a la 16.1R4-S12, 16.1R7-S2, 16.1R8; 16.2 en versiones anteriores a la 16.2R2-S7, 16.2R3; 17.1 en versiones anteriores a la 17.1R2-S9, 17.1R3; 17.2 en versiones anteriores a la 17.2R1-S7, 17.2R2-S6, 17.2R3; 17.3 en versiones anteriores a la 17.3R2-S4, 17.3R3; 17.4 en versiones anteriores a la 17.4R2 y 18.1 en versiones anteriores a la 18.1R2-S3, 18.1R3.\"}]",
      "id": "CVE-2018-0057",
      "lastModified": "2024-11-21T03:37:28.720",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"sirt@juniper.net\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L\", \"baseScore\": 6.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.7}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H\", \"baseScore\": 9.6, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.1, \"impactScore\": 5.8}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:N/A:P\", \"baseScore\": 5.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2018-10-10T18:29:02.983",
      "references": "[{\"url\": \"https://kb.juniper.net/JSA10892\", \"source\": \"sirt@juniper.net\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://kb.juniper.net/JSA10892\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "sirt@juniper.net",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-0057\",\"sourceIdentifier\":\"sirt@juniper.net\",\"published\":\"2018-10-10T18:29:02.983\",\"lastModified\":\"2024-11-21T03:37:28.720\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"On MX Series and M120/M320 platforms configured in a Broadband Edge (BBE) environment, subscribers logging in with DHCP Option 50 to request a specific IP address will be assigned the requested IP address, even if there is a static MAC to IP address binding in the access profile. In the problem scenario, with a hardware-address and IP address configured under address-assignment pool, if a subscriber logging in with DHCP Option 50, the subscriber will not be assigned an available address from the matched pool, but will still get the requested IP address. A malicious DHCP subscriber may be able to utilize this vulnerability to create duplicate IP address assignments, leading to a denial of service for valid subscribers or unauthorized information disclosure via IP address assignment spoofing. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S2, 15.1R8; 16.1 versions prior to 16.1R4-S12, 16.1R7-S2, 16.1R8; 16.2 versions prior to 16.2R2-S7, 16.2R3; 17.1 versions prior to 17.1R2-S9, 17.1R3; 17.2 versions prior to 17.2R1-S7, 17.2R2-S6, 17.2R3; 17.3 versions prior to 17.3R2-S4, 17.3R3; 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R2-S3, 18.1R3.\"},{\"lang\":\"es\",\"value\":\"En las plataformas MX Series y M120/M320 configuradas en un entorno Broadband Edge (BBE), los suscriptores que inician sesi\u00f3n con DHCP Option 50 para solicitar una direcci\u00f3n IP espec\u00edfica tendr\u00e1n asignada la direcci\u00f3n IP que soliciten, incluso aunque haya un enlace de MAC est\u00e1tica a direcci\u00f3n IP en el perfil de acceso. En el escenario de problemas, con una direcci\u00f3n de hardware y una direcci\u00f3n IP configurada bajo el grupo address-assignment, si un suscriptor inicia sesi\u00f3n con DHCP Option 50, \u00e9ste no recibir\u00e1 una direcci\u00f3n disponible del grupo de coincidencias, pero seguir\u00e1 recibiendo la direcci\u00f3n IP solicitada. Un suscriptor DHCP malicioso podr\u00eda ser capaz de emplear esta vulnerabilidad para crear asignaciones de direcciones IP duplicadas, lo que conduce a una denegaci\u00f3n de servicio (DoS) para los suscriptores v\u00e1lidos o la divulgaci\u00f3n de informaci\u00f3n no autorizada mediante la suplantaci\u00f3n de asignaciones de direcciones IP. Las versiones afectadas de Juniper Networks Junos OS son: 15.1 en versiones anteriores a la 15.1R7-S2, 15.1R8; 16.1 en versiones anteriores a la 16.1R4-S12, 16.1R7-S2, 16.1R8; 16.2 en versiones anteriores a la 16.2R2-S7, 16.2R3; 17.1 en versiones anteriores a la 17.1R2-S9, 17.1R3; 17.2 en versiones anteriores a la 17.2R1-S7, 17.2R2-S6, 17.2R3; 17.3 en versiones anteriores a la 17.3R2-S4, 17.3R3; 17.4 en versiones anteriores a la 17.4R2 y 18.1 en versiones anteriores a la 18.1R2-S3, 18.1R3.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H\",\"baseScore\":9.6,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.1,\"impactScore\":5.8}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:N/A:P\",\"baseScore\":5.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD0952C4-FFCC-4A78-ADFC-289BD6E269DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1:f2:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C56E6C3-BBB6-4853-91D9-99C7676D0CD4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1:f3:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E0ECBD8-3D66-49DA-A557-5695159F0C06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1:f4:*:*:*:*:*:*\",\"matchCriteriaId\":\"0EAA2998-A0D6-4818-9E7C-25E8099403E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1:f5:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D4ADFC5-D4B8-4A68-95D8-8ADF92C1CFE8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1:f6:*:*:*:*:*:*\",\"matchCriteriaId\":\"71D211B9-B2FE-4324-AAEE-8825D5238E48\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0D3EA8F-4D30-4383-AF2F-0FB6D822D0F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E6CD065-EC06-4846-BD2A-D3CA7866070F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1:r3:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7620D01-1A6B-490F-857E-0D803E0AEE56\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1:r4:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A1545CE-279F-4EE2-8913-8F3B2FAFE7F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1:r5:*:*:*:*:*:*\",\"matchCriteriaId\":\"08FC0245-A4FF-42C0-A236-8569301E351A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1:r6:*:*:*:*:*:*\",\"matchCriteriaId\":\"120EA9E3-788B-4CFD-A74F-17111FFD0131\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:16.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2AC40ABB-E364-46C9-A904-C0ED02806250\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:16.1:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"BBE35BDC-7739-4854-8BB8-E8600603DE9D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:16.1:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"2DC47132-9EEA-4518-8F86-5CD231FBFB61\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:16.1:r3:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD5A30CE-9498-4007-8E66-FD0CC6CF1836\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:16.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D571B57-4F4C-4232-9D3B-B2F7AAAB220B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:16.2:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"3661BC68-6F32-447F-8D20-FD73FBBED9C6\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:17.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"50B47EC5-0276-4799-B536-12B33B5F003B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:17.1:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"7572C187-4D58-4E0D-A605-B2B13EFF5C6B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:17.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"64EB45C0-E3BD-4C0D-9E97-1DB726D66401\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:17.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F69A0E5-B61B-405D-B501-9CB306651CEA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:17.3:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"38A40E03-F915-4888-87B0-5950F75F097D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:17.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"974B6128-ABD2-4D9C-87A1-5F1740DDCB95\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:17.4:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"988D317A-0646-491F-9B97-853E8E208276\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:18.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BBF736F6-ED05-4DC1-96FB-3F35BA5B3EFD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:18.1:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0A756E2-C320-405A-B24F-7C5022649E5A\"}]}]}],\"references\":[{\"url\":\"https://kb.juniper.net/JSA10892\",\"source\":\"sirt@juniper.net\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://kb.juniper.net/JSA10892\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.