CVE-2018-0057

On MX Series and M120/M320 platforms configured in a Broadband Edge (BBE) environment, subscribers logging in with DHCP Option 50 to request a specific IP address will be assigned the requested IP address, even if there is a static MAC to IP address binding in the access profile. In the problem scenario, with a hardware-address and IP address configured under address-assignment pool, if a subscriber logging in with DHCP Option 50, the subscriber will not be assigned an available address from the matched pool, but will still get the requested IP address. A malicious DHCP subscriber may be able to utilize this vulnerability to create duplicate IP address assignments, leading to a denial of service for valid subscribers or unauthorized information disclosure via IP address assignment spoofing. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S2, 15.1R8; 16.1 versions prior to 16.1R4-S12, 16.1R7-S2, 16.1R8; 16.2 versions prior to 16.2R2-S7, 16.2R3; 17.1 versions prior to 17.1R2-S9, 17.1R3; 17.2 versions prior to 17.2R1-S7, 17.2R2-S6, 17.2R3; 17.3 versions prior to 17.3R2-S4, 17.3R3; 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R2-S3, 18.1R3.

CVSS v3 6.1 MEDIUM
CVSS v2.0 5.5 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

V3 Legend

Vector : AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L

Exploitability : 2.8 / Impact : 2.7

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact LOW

Scope CHANGED

5.5^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:N/A:P

Exploitability : 8.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://kb.juniper.net/JSA10892	Vendor Advisory
https://kb.juniper.net/JSA10892	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:juniper:junos:15.1:::::::*
	cpe:2.3:o:juniper:junos:15.1:f2::::::
	cpe:2.3:o:juniper:junos:15.1:f3::::::
	cpe:2.3:o:juniper:junos:15.1:f4::::::
	cpe:2.3:o:juniper:junos:15.1:f5::::::
	cpe:2.3:o:juniper:junos:15.1:f6::::::
	cpe:2.3:o:juniper:junos:15.1:r1::::::
	cpe:2.3:o:juniper:junos:15.1:r2::::::
	cpe:2.3:o:juniper:junos:15.1:r3::::::
	cpe:2.3:o:juniper:junos:15.1:r4::::::
	cpe:2.3:o:juniper:junos:15.1:r5::::::
	cpe:2.3:o:juniper:junos:15.1:r6::::::

Configuration 2 (hide)

OR	cpe:2.3:o:juniper:junos:16.1:::::::*
	cpe:2.3:o:juniper:junos:16.1:r1::::::
	cpe:2.3:o:juniper:junos:16.1:r2::::::
	cpe:2.3:o:juniper:junos:16.1:r3::::::

Configuration 3 (hide)

OR	cpe:2.3:o:juniper:junos:16.2:::::::*
	cpe:2.3:o:juniper:junos:16.2:r1::::::

Configuration 4 (hide)

OR	cpe:2.3:o:juniper:junos:17.1:::::::*
	cpe:2.3:o:juniper:junos:17.1:r1::::::

Configuration 5 (hide)

cpe:2.3:o:juniper:junos:17.2:*:*:*:*:*:*:*

Configuration 6 (hide)

OR	cpe:2.3:o:juniper:junos:17.3:::::::*
	cpe:2.3:o:juniper:junos:17.3:r1::::::

Configuration 7 (hide)

OR	cpe:2.3:o:juniper:junos:17.4:::::::*
	cpe:2.3:o:juniper:junos:17.4:r1::::::

Configuration 8 (hide)

OR	cpe:2.3:o:juniper:junos:18.1:::::::*
	cpe:2.3:o:juniper:junos:18.1:r1::::::

History

21 Nov 2024, 03:37

Type	Values Removed	Values Added
CVSS	v2 : ~~5.5~~ v3 : ~~9.6~~	v2 : 5.5 v3 : 6.1
References	~~() https://kb.juniper.net/JSA10892 - Vendor Advisory~~	() https://kb.juniper.net/JSA10892 - Vendor Advisory

Information

Published : 2018-10-10 18:29

Updated : 2024-11-21 03:37

NVD link : CVE-2018-0057

Mitre link : CVE-2018-0057

CVE.ORG link : CVE-2018-0057

JSON object : View

Products Affected

juniper

junos

CWE

NVD-CWE-noinfo

6.1 /10

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact LOW

Scope CHANGED

5.5 /10

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2018-0057

6.1^/10

5.5^/10

Attach tags to `CVE-2018-0057`