CVE-2019-0066

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

09/10/2019

Last modified:

28/10/2021

Description

An unexpected status return value weakness in the Next-Generation Multicast VPN (NG-mVPN) service of Juniper Networks Junos OS allows attacker to cause a Denial of Service (DoS) condition and core the routing protocol daemon (rpd) process when a specific malformed IPv4 packet is received by the device running BGP. This malformed packet can be crafted and sent to a victim device including when forwarded directly through a device receiving such a malformed packet, but not if the malformed packet is first de-encapsulated from an encapsulated format by a receiving device. Continued receipt of the malformed packet will result in a sustained Denial of Service condition. This issue affects: Juniper Networks Junos OS 15.1 versions prior to 15.1F6-S12, 15.1R7-S2; 15.1X49 versions prior to 15.1X49-D150 on SRX Series; 15.1X53 versions prior to 15.1X53-D68, 15.1X53-D235, 15.1X53-D495, 15.1X53-D590; 16.1 versions prior to 16.1R3-S10, 16.1R4-S12, 16.1R6-S6, 16.1R7-S2; 16.2 versions prior to 16.2R2-S7; 17.1 versions prior to 17.1R2-S9, 17.1R3; 17.2 versions prior to 17.2R1-S7, 17.2R2-S6, 17.2R3; 17.3 versions prior to 17.3R2-S4, 17.3R3.

Impact

Vector 3.x

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS v3.1 Severity and Metrics:

Base Score: 7.50 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): High

Base Score 3.x

7.50

Severity 3.x

HIGH

Vector 2.0

AV:N/AC:L/Au:N/C:N/I:N/A:P CVSS v2.0 Severity and Metrics:

Base Score: 5.00 MEDIUM
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Attack Vector (AV): Network
Attack Complexity (AC): Low
Authentication (Au): None
Confidentiality (C): None
Integrity (I): None
Availability (A): Physical

Base Score 2.0

5.00

Severity 2.0

MEDIUM

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:o:juniper:junos:15.1:a1::::::
cpe:2.3:o:juniper:junos:15.1:f1::::::
cpe:2.3:o:juniper:junos:15.1:f2::::::
cpe:2.3:o:juniper:junos:15.1:f2-s1::::::
cpe:2.3:o:juniper:junos:15.1:f2-s2::::::
cpe:2.3:o:juniper:junos:15.1:f2-s3::::::
cpe:2.3:o:juniper:junos:15.1:f2-s4::::::
cpe:2.3:o:juniper:junos:15.1:f3::::::
cpe:2.3:o:juniper:junos:15.1:f4::::::
cpe:2.3:o:juniper:junos:15.1:f5::::::
cpe:2.3:o:juniper:junos:15.1:f6::::::
cpe:2.3:o:juniper:junos:15.1:f6-s3::::::
cpe:2.3:o:juniper:junos:15.1:r1::::::
cpe:2.3:o:juniper:junos:15.1:r2::::::
cpe:2.3:o:juniper:junos:15.1:r3::::::

To consult the complete list of CPE names with products and versions, see this page

CPE	From	Up to
cpe:2.3:o:juniper:junos:15.1:a1::::::
cpe:2.3:o:juniper:junos:15.1:f1::::::
cpe:2.3:o:juniper:junos:15.1:f2::::::
cpe:2.3:o:juniper:junos:15.1:f2-s1::::::
cpe:2.3:o:juniper:junos:15.1:f2-s2::::::
cpe:2.3:o:juniper:junos:15.1:f2-s3::::::
cpe:2.3:o:juniper:junos:15.1:f2-s4::::::
cpe:2.3:o:juniper:junos:15.1:f3::::::
cpe:2.3:o:juniper:junos:15.1:f4::::::
cpe:2.3:o:juniper:junos:15.1:f5::::::
cpe:2.3:o:juniper:junos:15.1:f6::::::
cpe:2.3:o:juniper:junos:15.1:f6-s3::::::
cpe:2.3:o:juniper:junos:15.1:r1::::::
cpe:2.3:o:juniper:junos:15.1:r2::::::
cpe:2.3:o:juniper:junos:15.1:r3::::::

CVE-2019-0066

Description

Impact

Vulnerable products and versions

References to Advisories, Solutions, and Tools