CVE-2018-0063

A vulnerability in the IP next-hop index database in Junos OS 17.3R3 may allow a flood of ARP requests, sent to the management interface, to exhaust the private Internal routing interfaces (IRIs) next-hop limit. Once the IRI next-hop database is full, no further next hops can be learned and existing entries cannot be cleared, leading to a sustained denial of service (DoS) condition. An indicator of compromise for this issue is the report of the following error message: %KERN-4: Nexthop index allocation failed: private index space exhausted This issue only affects the management interface, and does not impact regular transit traffic through the FPCs. This issue also only affects Junos OS 17.3R3. No prior versions of Junos OS are affected by this issue. Affected releases are Juniper Networks Junos OS: 17.3R3.

CVSS v3 6.5 MEDIUM
CVSS v2.0 3.3 LOW

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

3.3^/10

CVSS v2.0 : LOW

Vector : AV:A/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 6.5 / Impact : 2.9

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://www.securitytracker.com/id/1041861	Third Party Advisory VDB Entry
https://kb.juniper.net/JSA10899	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:o:juniper:junos:17.3:*:*:*:*:*:*:*

History

25 Oct 2021, 16:12

Type	Values Removed	Values Added
CPE	cpe:2.3:o:juniper:junos:17.3r3:::::::*	cpe:2.3:o:juniper:junos:17.3:::::::*

Information

Published : 2018-10-10 18:29

Updated : 2023-12-10 12:44

NVD link : CVE-2018-0063

Mitre link : CVE-2018-0063

CVE.ORG link : CVE-2018-0063

JSON object : View

Products Affected

juniper

junos

CWE

CWE-400

Uncontrolled Resource Consumption

{"id": "CVE-2018-0063", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.3, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "sirt@juniper.net", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2018-10-10T18:29:03.703", "references": [{"url": "http://www.securitytracker.com/id/1041861", "tags": ["Third Party Advisory", "VDB Entry"], "source": "sirt@juniper.net"}, {"url": "https://kb.juniper.net/JSA10899", "tags": ["Vendor Advisory"], "source": "sirt@juniper.net"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the IP next-hop index database in Junos OS 17.3R3 may allow a flood of ARP requests, sent to the management interface, to exhaust the private Internal routing interfaces (IRIs) next-hop limit. Once the IRI next-hop database is full, no further next hops can be learned and existing entries cannot be cleared, leading to a sustained denial of service (DoS) condition. An indicator of compromise for this issue is the report of the following error message: %KERN-4: Nexthop index allocation failed: private index space exhausted This issue only affects the management interface, and does not impact regular transit traffic through the FPCs. This issue also only affects Junos OS 17.3R3. No prior versions of Junos OS are affected by this issue. Affected releases are Juniper Networks Junos OS: 17.3R3."}, {"lang": "es", "value": "Una vulnerabilidad en la base de datos de \u00edndices de IP next-hop en Junos OS 17.3R3 podr\u00eda permitir una inundaci\u00f3n de peticiones ARP, enviadas a la interfaz de gesti\u00f3n, para agotar el l\u00edmite next-hop de los IRI (Internal Routing Interfaces) privados. Una vez la base de datos next-hop de IRI est\u00e1 llena, no se pueden aprender m\u00e1s next-hops y las entradas existentes no se pueden eliminar, lo que conduce a una denegaci\u00f3n de servicio (DoS) prolongada. Un indicador de compromiso para este problema es el reporte del siguiente mensaje de error: %KERN-4: Nexthop index allocation failed: private index space exhausted. Este problema solo afecta a la interfaz de gesti\u00f3n y no impacta sobre el tr\u00e1fico de tr\u00e1nsito regular a trav\u00e9s de los FPC. Este problema solo afecta a Junos OS 17.3R3. Ninguna otra versi\u00f3n anterior de Junos OS se ha visto afectada por esta vulnerabilidad. Las versiones afectadas de Juniper Networks Junos OS son: 17.3R3."}], "lastModified": "2021-11-06T03:35:42.927", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos:17.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F69A0E5-B61B-405D-B501-9CB306651CEA"}], "operator": "OR"}]}], "sourceIdentifier": "sirt@juniper.net"}