CVE-2018-0054 : Exploit Details and Defense Strategies
Learn about CVE-2018-0054 affecting Juniper Networks' Junos OS on QFX5000 Series and EX4600 switches. Discover the impact, affected systems, mitigation steps, and necessary updates.
Egress interface congestion may occur on QFX5000 Series and EX4600 switches due to a high rate of Ethernet pause frames or ARP packet storms, potentially leading to routing protocol packet drops and peering flaps.
Understanding CVE-2018-0054
This CVE affects Juniper Networks' Junos OS on QFX5000 Series and EX4600 switches.
What is CVE-2018-0054?
The vulnerability causes congestion on egress interfaces, resulting in the dropping of routing protocol packets like BGP due to high Ethernet frame rates or ARP storms.
The Impact of CVE-2018-0054
- Egress interface congestion on QFX5000 Series and EX4600 switches
- Dropping of routing protocol packets, leading to peering flaps
Technical Details of CVE-2018-0054
This section provides detailed technical information about the vulnerability.
Vulnerability Description
The issue affects QFX5000 Series and EX4600 switches, causing egress interface congestion and potential routing protocol packet drops.
Affected Systems and Versions
- Platforms: QFX5000 Series and EX4600
- Affected Product: Junos OS
- Affected Versions: Various versions prior to 18.1R2
Exploitation Mechanism
- Attack Complexity: Low
- Attack Vector: Adjacent Network
- Availability Impact: High
- Base Score: 6.5 (Medium)
Mitigation and Prevention
Learn how to mitigate and prevent the CVE-2018-0054 vulnerability.
Immediate Steps to Take
- Configure 'ether-options no-flow-control' on the BGP interface for BGP
- Adjust the lossless percentage of shared buffer pools
Long-Term Security Practices
- Regularly update to the latest software releases
Patching and Updates
- Update to the following software releases to resolve the issue: 14.1X53-D47, 15.1R7, 15.1R8, 15.1X53-D233, 16.1R7, 16.2R3, 17.1R2-S9, 17.1R3, 17.2R2-S6, 17.2R3, 17.2X75-D42, 17.3R3, 17.4R2, 18.1R2