CVE intelligence and bounded remediation
CVE-2018-0030 — Receipt of a specific MPLS packet may cause MPC7/8/9, PTX-FPC3 (FPC-P1, FPC-P2) line cards or PTX1K to crash and restart
Receipt of a specific MPLS packet may cause MPC7/8/9, PTX-FPC3 (FPC-P1, FPC-P2) line cards or PTX1K to crash and restart. By continuously sending specific MPLS packets, an attacker can repeatedly crash the line cards or PTX1K causing a sustained Denial of Service. Affected releases are Juniper Networks Junos OS with MPC7/8/9 or PTX-FPC3 (FPC-P1, FPC-P2) installed and PTX1K: 15.1F versions prior to 15.1F6-S10; 15.1 versions prior to 15.1R4-S9, 15.1R6-S6, 15.1R7; 16.1 versions prior to 16.1R3-S8, 16.1R4-S9, 16.1R5-S4, 16.1R6-S3, 16.1R7; 16.1X65 versions prior to 16.1X65-D46; 16.2 versions prior to 16.2R1-S6, 16.2R2-S5, 16.2R3; 17.1 versions prior to 17.1R1-S7, 17.1R2-S7, 17.1R3; 17.2 versions prior to 17.2R1-S4, 17.2R2-S4, 17.2R3; 17.2X75 versions prior to 17.2X75-D70, 17.2X75-D90; 17.3 versions prior to 17.3R1-S4, 17.3R2, 17.4 versions prior to 17.4R1-S2, 17.4R2. Refer to KB25385 for more information about PFE line cards.
- Severity
- High
- CVSS
- 7.5 (3.0)
- Published
- 2018-07-11
- CISA KEV
- Not currently listed
- Ecosystem
- operating-system
- Weaknesses
- CWE-400
Affected products
- juniper / junos / 15.1
- juniper / junos / 16.1
Matched remediation archetype
Resource exhaustion and denial of service
This catalog composition supplies bounded fallback guidance. Explicitly reviewed curated workflows load with the complete record below.
Check exposure
- Identify attacker-influenced work factors including input size, nesting, compression, fan-out, regex cost, allocation, recursion, retries, and connection lifetime.
- Map per-request and shared CPU, memory, disk, descriptor, thread, queue, and downstream-service limits.
- Determine whether authentication, tenancy, quotas, and rate controls apply before expensive processing begins.
Remediate safely
- Bound input size, nesting, expansion, work, concurrency, queue depth, retries, and execution time before resource-intensive processing.
- Release resources on every success, error, cancellation, and timeout path and use backpressure instead of unbounded buffering.
- Update affected components and add small deterministic tests that assert resource ceilings rather than exhausting a host.
Authoritative sources
Complete CVE record and remediation plan
The detailed catalog view below loads this exact record, its source evidence, and the full seven-phase agentic change plan.