CVE-2018-0014 — MEDIUM (4.3)

Vulnerability Description

Juniper Networks ScreenOS devices do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets. This issue is often detected as CVE-2003-0001. The issue affects all versions of Juniper Networks ScreenOS prior to 6.3.0r25.

CVSS Score

4.3

MEDIUM

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Juniper	Screenos	6.3.0r1

Related Weaknesses (CWE)

CWE-200

References

http://www.securitytracker.com/id/1040185Third Party AdvisoryVDB Entry
https://kb.juniper.net/JSA10841Vendor Advisory
http://www.securitytracker.com/id/1040185Third Party AdvisoryVDB Entry
https://kb.juniper.net/JSA10841Vendor Advisory

FAQ

What is CVE-2018-0014?

CVE-2018-0014 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Juniper Networks ScreenOS devices do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets. This issue is often detected as CV...

How severe is CVE-2018-0014?

CVE-2018-0014 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-0014?

Check the references section above for vendor advisories and patch information. Affected products include: Juniper Screenos.