How severe is CVE-2018-0009?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2018-0009?

This is classified as NVD-CWE-Other, which is a common weakness in software security.

CVE-2018-0009

MEDIUM Year: 2018

CVSS v3 Score

5.9

Medium

CVSS v2 Score

4.3

Medium

Weakness Type

NVD-CWE-Other

View all →

Vulnerability Description

On Juniper Networks SRX series devices, firewall rules configured to match custom application UUIDs starting with zeros can match all TCP traffic. Due to this issue, traffic that should have been blocked by other rules is permitted to flow through the device resulting in a firewall bypass condition. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D71 on SRX series; 12.3X48 versions prior to 12.3X48-D55 on SRX series; 15.1X49 versions prior to 15.1X49-D100 on SRX series.

CVE-2004-1464

MEDIUM

CVSS:5.9(Medium)

Cisco IOS 12.2(15) and earlier allows remote attackers to cause a denial of service (refused VTY (virtual terminal) connections), via a crafted TCP connection to the Telnet or reverse Telnet port.

NVD-CWE-Other2004

CVE-2015-5370

MEDIUM

CVSS:5.9(Medium)

Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not properly implement the DCE-RPC layer, which allows remote attackers to perform protocol-downgrade attacks, cause a ...

NVD-CWE-Other2015

CVE-2015-7744

MEDIUM

CVSS:5.9(Medium)

wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations...

NVD-CWE-Other2015

CVE-2015-8158

MEDIUM

CVSS:5.9(Medium)

The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (infinite loop) via crafted packets with incorrect values.

NVD-CWE-Other2015

CVE-2015-8288

MEDIUM

CVSS:5.9(Medium)

NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier use the same hardcoded private key across different customers' installations, which allows remote atta...

NVD-CWE-Other2015

CVE-2016-0677

MEDIUM

CVSS:5.9(Medium)

Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 12.1.0.1 and 12.1.0.2 allows remote attackers to affect availability via unknown vectors.

NVD-CWE-Other2016

CVE-2018-0009

Vulnerability Description

Related Vulnerabilities

CVE-2004-1464

CVE-2015-5370

CVE-2015-7744

CVE-2015-8158

CVE-2015-8288

CVE-2016-0677