{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T02:39:19.946","vulnerabilities":[{"cve":{"id":"CVE-2018-0057","sourceIdentifier":"sirt@juniper.net","published":"2018-10-10T18:29:02.983","lastModified":"2024-11-21T03:37:28.720","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"On MX Series and M120/M320 platforms configured in a Broadband Edge (BBE) environment, subscribers logging in with DHCP Option 50 to request a specific IP address will be assigned the requested IP address, even if there is a static MAC to IP address binding in the access profile. In the problem scenario, with a hardware-address and IP address configured under address-assignment pool, if a subscriber logging in with DHCP Option 50, the subscriber will not be assigned an available address from the matched pool, but will still get the requested IP address. A malicious DHCP subscriber may be able to utilize this vulnerability to create duplicate IP address assignments, leading to a denial of service for valid subscribers or unauthorized information disclosure via IP address assignment spoofing. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S2, 15.1R8; 16.1 versions prior to 16.1R4-S12, 16.1R7-S2, 16.1R8; 16.2 versions prior to 16.2R2-S7, 16.2R3; 17.1 versions prior to 17.1R2-S9, 17.1R3; 17.2 versions prior to 17.2R1-S7, 17.2R2-S6, 17.2R3; 17.3 versions prior to 17.3R2-S4, 17.3R3; 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R2-S3, 18.1R3."},{"lang":"es","value":"En las plataformas MX Series y M120/M320 configuradas en un entorno Broadband Edge (BBE), los suscriptores que inician sesión con DHCP Option 50 para solicitar una dirección IP específica tendrán asignada la dirección IP que soliciten, incluso aunque haya un enlace de MAC estática a dirección IP en el perfil de acceso. En el escenario de problemas, con una dirección de hardware y una dirección IP configurada bajo el grupo address-assignment, si un suscriptor inicia sesión con DHCP Option 50, éste no recibirá una dirección disponible del grupo de coincidencias, pero seguirá recibiendo la dirección IP solicitada. Un suscriptor DHCP malicioso podría ser capaz de emplear esta vulnerabilidad para crear asignaciones de direcciones IP duplicadas, lo que conduce a una denegación de servicio (DoS) para los suscriptores válidos o la divulgación de información no autorizada mediante la suplantación de asignaciones de direcciones IP. Las versiones afectadas de Juniper Networks Junos OS son: 15.1 en versiones anteriores a la 15.1R7-S2, 15.1R8; 16.1 en versiones anteriores a la 16.1R4-S12, 16.1R7-S2, 16.1R8; 16.2 en versiones anteriores a la 16.2R2-S7, 16.2R3; 17.1 en versiones anteriores a la 17.1R2-S9, 17.1R3; 17.2 en versiones anteriores a la 17.2R1-S7, 17.2R2-S6, 17.2R3; 17.3 en versiones anteriores a la 17.3R2-S4, 17.3R3; 17.4 en versiones anteriores a la 17.4R2 y 18.1 en versiones anteriores a la 18.1R2-S3, 18.1R3."}],"metrics":{"cvssMetricV30":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":2.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H","baseScore":9.6,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":5.8}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:P","baseScore":5.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:15.1:*:*:*:*:*:*:*","matchCriteriaId":"BD0952C4-FFCC-4A78-ADFC-289BD6E269DB"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:15.1:f2:*:*:*:*:*:*","matchCriteriaId":"1C56E6C3-BBB6-4853-91D9-99C7676D0CD4"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:15.1:f3:*:*:*:*:*:*","matchCriteriaId":"0E0ECBD8-3D66-49DA-A557-5695159F0C06"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:15.1:f4:*:*:*:*:*:*","matchCriteriaId":"0EAA2998-A0D6-4818-9E7C-25E8099403E7"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:15.1:f5:*:*:*:*:*:*","matchCriteriaId":"2D4ADFC5-D4B8-4A68-95D8-8ADF92C1CFE8"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:15.1:f6:*:*:*:*:*:*","matchCriteriaId":"71D211B9-B2FE-4324-AAEE-8825D5238E48"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:15.1:r1:*:*:*:*:*:*","matchCriteriaId":"D0D3EA8F-4D30-4383-AF2F-0FB6D822D0F3"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:15.1:r2:*:*:*:*:*:*","matchCriteriaId":"0E6CD065-EC06-4846-BD2A-D3CA7866070F"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:15.1:r3:*:*:*:*:*:*","matchCriteriaId":"C7620D01-1A6B-490F-857E-0D803E0AEE56"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:15.1:r4:*:*:*:*:*:*","matchCriteriaId":"4A1545CE-279F-4EE2-8913-8F3B2FAFE7F6"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:15.1:r5:*:*:*:*:*:*","matchCriteriaId":"08FC0245-A4FF-42C0-A236-8569301E351A"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:15.1:r6:*:*:*:*:*:*","matchCriteriaId":"120EA9E3-788B-4CFD-A74F-17111FFD0131"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:16.1:*:*:*:*:*:*:*","matchCriteriaId":"2AC40ABB-E364-46C9-A904-C0ED02806250"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:16.1:r1:*:*:*:*:*:*","matchCriteriaId":"BBE35BDC-7739-4854-8BB8-E8600603DE9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:16.1:r2:*:*:*:*:*:*","matchCriteriaId":"2DC47132-9EEA-4518-8F86-5CD231FBFB61"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:16.1:r3:*:*:*:*:*:*","matchCriteriaId":"CD5A30CE-9498-4007-8E66-FD0CC6CF1836"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:16.2:*:*:*:*:*:*:*","matchCriteriaId":"4D571B57-4F4C-4232-9D3B-B2F7AAAB220B"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:16.2:r1:*:*:*:*:*:*","matchCriteriaId":"3661BC68-6F32-447F-8D20-FD73FBBED9C6"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:17.1:*:*:*:*:*:*:*","matchCriteriaId":"50B47EC5-0276-4799-B536-12B33B5F003B"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:17.1:r1:*:*:*:*:*:*","matchCriteriaId":"7572C187-4D58-4E0D-A605-B2B13EFF5C6B"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:17.2:*:*:*:*:*:*:*","matchCriteriaId":"64EB45C0-E3BD-4C0D-9E97-1DB726D66401"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:17.3:*:*:*:*:*:*:*","matchCriteriaId":"0F69A0E5-B61B-405D-B501-9CB306651CEA"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:17.3:r1:*:*:*:*:*:*","matchCriteriaId":"38A40E03-F915-4888-87B0-5950F75F097D"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:17.4:*:*:*:*:*:*:*","matchCriteriaId":"974B6128-ABD2-4D9C-87A1-5F1740DDCB95"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:17.4:r1:*:*:*:*:*:*","matchCriteriaId":"988D317A-0646-491F-9B97-853E8E208276"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:18.1:*:*:*:*:*:*:*","matchCriteriaId":"BBF736F6-ED05-4DC1-96FB-3F35BA5B3EFD"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:18.1:r1:*:*:*:*:*:*","matchCriteriaId":"B0A756E2-C320-405A-B24F-7C5022649E5A"}]}]}],"references":[{"url":"https://kb.juniper.net/JSA10892","source":"sirt@juniper.net","tags":["Vendor Advisory"]},{"url":"https://kb.juniper.net/JSA10892","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}