A high rate of VLAN authentication attempts sent from an adjacent host on the local broadcast domain can trigger high memory utilization by the BBE subscriber management daemon (bbe-smgd), and lead to a denial of service condition. The issue was caused by attempting to process an unbounded number of pending VLAN authentication requests, leading to excessive memory allocation. This issue only affects devices configured for DHCPv4/v6 over AE auto-sensed VLANs, utilized in Broadband Edge (BBE) deployments. Other configurations are unaffected by this issue. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1R6-S2, 15.1R7; 16.1 versions prior to 16.1R5-S1, 16.1R6; 16.2 versions prior to 16.2R2-S2, 16.2R3; 17.1 versions prior to 17.1R2-S5, 17.1R3; 17.2 versions prior to 17.2R2.
Published 2018-01-10 22:29:01
Updated 2019-10-09 23:30:57
View at NVD,   CVE.org
Vulnerability category: Denial of service

Products affected by CVE-2018-0006

Exploit prediction scoring system (EPSS) score for CVE-2018-0006

0.06%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 21 %
Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2018-0006

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
2.9
LOW AV:A/AC:M/Au:N/C:N/I:N/A:P
5.5
2.9
NIST
5.3
MEDIUM CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1.6
3.6
NIST
6.5
MEDIUM CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.8
3.6
Juniper Networks, Inc.

CWE ids for CVE-2018-0006

  • The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.
    Assigned by: nvd@nist.gov (Primary)

References for CVE-2018-0006

  • https://kb.juniper.net/JSA10834
    Juniper Networks - 2018-01 Security Bulletin: Junos: bbe-smgd process denial of service while processing VLAN authentication requests/rejects (CVE-2018-0006)
    Mitigation;Patch;Vendor Advisory
  • http://www.securitytracker.com/id/1040184
    Juniper Junos bbe-smgd VLAN Authentication Processing Flaw Lets Remote Users Consume Excessive Memory Resources - SecurityTracker
    Third Party Advisory;VDB Entry
Jump to
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!