CVE-2018-0016

high-risk

Published 2018-04-11

Receipt of a specially crafted Connectionless Network Protocol (CLNP) datagram destined to an interface of a Junos OS device may result in a kernel crash or lead to remote code execution. Devices are only vulnerable to the specially crafted CLNP datagram if 'clns-routing' or ES-IS is explicitly configured. Devices with without CLNS enabled are not vulnerable to this issue. Devices with IS-IS configured on the interface are not vulnerable to this issue unless CLNS routing is also enabled. This issue only affects devices running Junos OS 15.1. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1F5-S3, 15.1F6-S8, 15.1F7, 15.1R5; 15.1X49 versions prior to 15.1X49-D60; 15.1X53 versions prior to 15.1X53-D66, 15.1X53-D233, 15.1X53-D471. Earlier releases are unaffected by this vulnerability, and the issue has been resolved in Junos OS 16.1R1 and all subsequent releases.

Do I need to act?

11.2% chance of exploitation in next 30 days

EPSS score — higher than 89% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (20)

Junos

Affected Vendors

Juniper

References (6)

Third Party Advisory http://www.securityfocus.com/bid/103747

Third Party Advisory http://www.securitytracker.com/id/1040784

Mitigation https://kb.juniper.net/JSA10844

Third Party Advisory http://www.securityfocus.com/bid/103747

Third Party Advisory http://www.securitytracker.com/id/1040784

Mitigation https://kb.juniper.net/JSA10844

/ 100

high-risk

Severity 32/34 · Critical

Exploitability 11/34 · Low

Exposure 24/34 · High