CVE-2018-0027
HIGH
Juniper Junos OS 16.1 - Denial of Service via Crafted RSVP PATH Message
Description
Receipt of a crafted or malformed RSVP PATH message may cause the routing protocol daemon (RPD) to hang or crash. When RPD is unavailable, routing updates cannot be processed, which can lead to an extended network outage. If RSVP is not enabled on an interface, then the issue cannot be triggered via that interface. This issue only affects Juniper Networks Junos OS 16.1 versions prior to 16.1R3. This issue does not affect Junos releases prior to 16.1R1.
References (3)
Mitigation, Vendor Advisory x_refsource_confirm
https://kb.juniper.net/JSA10861
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1041318
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/104721
Scores
CVSS v3: 7.5
EPSS: 0.0086
EPSS Percentile: 75.4%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE: CWE-20
Status: published
Products (1)
juniper/junos 16.1 r1 (2 CPE variants)
Published: Jul 11, 2018
Tracked Since: Feb 18, 2026