CVE-2018-0048
moderate-risk
Published 2018-10-10
A vulnerability in the Routing Protocols Daemon (RPD) with Juniper Extension Toolkit (JET) support can allow a network-based, unauthenticated attacker to cause a severe memory exhaustion condition on the device. This can have an adverse impact on system performance and availability. This issue only affects devices with JET support running Junos OS 17.2R1 and subsequent releases. Other versions of Junos OS are unaffected by this vulnerability. Affected releases are Juniper Networks Junos OS: 17.2 versions prior to 17.2R1-S7, 17.2R2-S6, 17.2R3; 17.2X75 versions prior to 17.2X75-D102, 17.2X75-D110; 17.3 versions prior to 17.3R2-S4, 17.3R3; 17.4 versions prior to 17.4R1-S5, 17.4R2; 18.1 versions prior to 18.1R2-S3, 18.1R3.
Do I need to act?
1.4% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 7.5/10
High
NETWORK / LOW complexity
Affected Vendors
References
Third Party Advisory: http://www.securityfocus.com/bid/105564
Third Party Advisory: http://www.securitytracker.com/id/1041849
Vendor Advisory: https://kb.juniper.net/JSA10882
46 / 100
moderate-risk
Severity: 26/34 · High
Exploitability: 4/34 · Minimal
Exposure: 16/34 · Moderate