SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Router/Bridge/Hub)  >   Juniper Junos Vendors:   Juniper
Juniper Junos UDP/MPLS Processing Flaw Lets Remote Users Bypass the Firewall
SecurityTracker Alert ID:  1041326
SecurityTracker URL:  http://securitytracker.com/id/1041326
CVE Reference:   CVE-2018-0031   (Links to External Site)
Date:  Jul 19 2018
Impact:   Host/resource access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 12.1X46, 12.3, 12.3X48, 14.1X53, 15.1, 15.1X49, 15.1X53, 16.1, 16.2, 17.1, 17.2, 17.2X75, 17.3, 17.4, 18.1, 18.2X75
Description:   A vulnerability was reported in Juniper Junos. A remote user can bypass security controls on the target system.

A remote user can send specially crafted UDP packets over MPLS through the target device to bypass a stateless firewall filter to access resources on the target system or network.

The vendor has assigned PR 1326402 to this vulnerability.

Internet2 and The Indiana University GlobalNOC reported this vulnerability.

Impact:   A remote user can bypass the firewall to access hosts or resources on the protected network.
Solution:   The vendor has issued a fix (12.1X46-D76, 12.3X48-D66, 12.3X48-D70, 14.1X53-D47, 15.1F6-S10, 15.1R4-S9, 15.1R6-S6, 15.1R7, 15.1X49-D131, 15.1X49-D140, 15.1X53-D233, 15.1X53-D471, 15.1X53-D490, 15.1X53-D59, 15.1X53-D67, 16.1R3-S8, 16.1R4-S9, 16.1R5-S4, 16.1R6-S3, 16.1R7, 16.2R1-S6, 16.2R2-S5, 16.2R3, 17.1R1-S7, 17.1R2-S7, 17.1R3, 17.2R1-S6, 17.2R2-S4, 17.2R3, 17.2X75-D100, 17.2X75-D110, 17.3R1-S4, 17.3R2-S2, 17.3R3, 17.4R1-S3, 17.4R2, 18.1R2, 18.2R1, 18.2X75-D5).

The vendor advisory is available at:

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10865

Vendor URL:  kb.juniper.net/InfoCenter/index?page=content&id=JSA10865 (Links to External Site)
Cause:   Access control error

Message History:   None.


 Source Message Contents

Subject:  https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10865

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC