Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2019-0003
HistoryJan 15, 2019 - 9:29 p.m.

CVE-2019-0003

2019-01-1521:29:00
CWE-617
[email protected]
web.nvd.nist.gov
36
cve-2019-0003
bgp
flowspec
configuration
junos os
vulnerability
security
assertion failure

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

5.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.4%

JSON

When a specific BGP flowspec configuration is enabled and upon receipt of a specific matching BGP packet meeting a specific term in the flowspec configuration, a reachable assertion failure occurs, causing the routing protocol daemon (rpd) process to crash with a core file being generated. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D77 on SRX Series; 12.3 versions prior to 12.3R12-S10; 12.3X48 versions prior to 12.3X48-D70 on SRX Series; 14.1X53 versions prior to 14.1X53-D47 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100; 15.1 versions prior to 15.1R3; 15.1F versions prior to 15.1F3; 15.1X49 versions prior to 15.1X49-D140 on SRX Series; 15.1X53 versions prior to 15.1X53-D59 on EX2300/EX3400.

Affected configurations

NVD
Node
juniperjunosMatch12.1x46
OR
juniperjunosMatch12.1x46d10
OR
juniperjunosMatch12.1x46d15
OR
juniperjunosMatch12.1x46d20
OR
juniperjunosMatch12.1x46d25
OR
juniperjunosMatch12.1x46d30
OR
juniperjunosMatch12.1x46d35
OR
juniperjunosMatch12.1x46d40
OR
juniperjunosMatch12.1x46d45
OR
juniperjunosMatch12.1x46d50
OR
juniperjunosMatch12.1x46d55
OR
juniperjunosMatch12.1x46d60
AND
junipersrx100Match-
OR
junipersrx110Match-
OR
junipersrx1400Match-
OR
junipersrx1500Match-
OR
junipersrx210Match-
OR
junipersrx220Match-
OR
junipersrx240Match-
OR
junipersrx300Match-
OR
junipersrx320Match-
OR
junipersrx340Match-
OR
junipersrx3400Match-
OR
junipersrx345Match-
OR
junipersrx3600Match-
OR
junipersrx4100Match-
OR
junipersrx4200Match-
OR
junipersrx5400Match-
OR
junipersrx550Match-
OR
junipersrx5600Match-
OR
junipersrx5800Match-
OR
junipersrx650Match-
Node
juniperjunosMatch12.3
OR
juniperjunosMatch12.3r1
OR
juniperjunosMatch12.3r11
OR
juniperjunosMatch12.3r12
OR
juniperjunosMatch12.3r2
OR
juniperjunosMatch12.3r3
OR
juniperjunosMatch12.3r4
OR
juniperjunosMatch12.3r5
OR
juniperjunosMatch12.3r6
OR
juniperjunosMatch12.3r7
OR
juniperjunosMatch12.3r8
OR
juniperjunosMatch12.3r9
Node
juniperjunosMatch12.3x48d10
OR
juniperjunosMatch12.3x48d15
OR
juniperjunosMatch12.3x48d20
OR
juniperjunosMatch12.3x48d25
OR
juniperjunosMatch12.3x48d30
OR
juniperjunosMatch12.3x48d35
OR
juniperjunosMatch12.3x48d40
OR
juniperjunosMatch12.3x48d45
OR
juniperjunosMatch12.3x48d55
OR
juniperjunosMatch12.3x48d60
OR
juniperjunosMatch12.3x48d65
AND
junipersrx100Match-
OR
junipersrx110Match-
OR
junipersrx1400Match-
OR
junipersrx1500Match-
OR
junipersrx210Match-
OR
junipersrx220Match-
OR
junipersrx240Match-
OR
junipersrx300Match-
OR
junipersrx320Match-
OR
junipersrx340Match-
OR
junipersrx3400Match-
OR
junipersrx345Match-
OR
junipersrx3600Match-
OR
junipersrx4100Match-
OR
junipersrx4200Match-
OR
junipersrx5400Match-
OR
junipersrx550Match-
OR
junipersrx5600Match-
OR
junipersrx5800Match-
OR
junipersrx650Match-
Node
juniperjunosMatch14.1x53
OR
juniperjunosMatch14.1x53d10
OR
juniperjunosMatch14.1x53d15
OR
juniperjunosMatch14.1x53d16
OR
juniperjunosMatch14.1x53d25
OR
juniperjunosMatch14.1x53d26
OR
juniperjunosMatch14.1x53d27
OR
juniperjunosMatch14.1x53d30
OR
juniperjunosMatch14.1x53d35
OR
juniperjunosMatch14.1x53d40
OR
juniperjunosMatch14.1x53d42
OR
juniperjunosMatch14.1x53d43
OR
juniperjunosMatch14.1x53d44
OR
juniperjunosMatch14.1x53d45
OR
juniperjunosMatch14.1x53d46
AND
juniperex2200\/vcMatch-
OR
juniperex3200Match-
OR
juniperex3300\/vcMatch-
OR
juniperex4200Match-
OR
juniperex4300Match-
OR
juniperex4550\/vcMatch-
OR
juniperex4600Match-
OR
juniperex6200Match-
OR
juniperex8200\/vc_\(xre\)Match-
OR
juniperqfx3500Match-
OR
juniperqfx3600Match-
OR
juniperqfx5100Match-
Node
juniperjunosMatch15.1f1
OR
juniperjunosMatch15.1f2
OR
juniperjunosMatch15.1f3
OR
juniperjunosMatch15.1f4
OR
juniperjunosMatch15.1f5
OR
juniperjunosMatch15.1f6
OR
juniperjunosMatch15.1f7
OR
juniperjunosMatch15.1r1
OR
juniperjunosMatch15.1r2
OR
juniperjunosMatch15.1r7-s2
OR
juniperjunosMatch15.1r7-s3
Node
juniperjunosMatch15.1x49d10
OR
juniperjunosMatch15.1x49d100
OR
juniperjunosMatch15.1x49d110
OR
juniperjunosMatch15.1x49d120
OR
juniperjunosMatch15.1x49d130
OR
juniperjunosMatch15.1x49d20
OR
juniperjunosMatch15.1x49d30
OR
juniperjunosMatch15.1x49d35
OR
juniperjunosMatch15.1x49d40
OR
juniperjunosMatch15.1x49d45
OR
juniperjunosMatch15.1x49d50
OR
juniperjunosMatch15.1x49d55
OR
juniperjunosMatch15.1x49d60
OR
juniperjunosMatch15.1x49d65
OR
juniperjunosMatch15.1x49d70
OR
juniperjunosMatch15.1x49d75
OR
juniperjunosMatch15.1x49d80
OR
juniperjunosMatch15.1x49d90
AND
junipersrx100Match-
OR
junipersrx110Match-
OR
junipersrx1400Match-
OR
junipersrx1500Match-
OR
junipersrx210Match-
OR
junipersrx220Match-
OR
junipersrx240Match-
OR
junipersrx300Match-
OR
junipersrx320Match-
OR
junipersrx340Match-
OR
junipersrx3400Match-
OR
junipersrx345Match-
OR
junipersrx3600Match-
OR
junipersrx4100Match-
OR
junipersrx4200Match-
OR
junipersrx5400Match-
OR
junipersrx550Match-
OR
junipersrx5600Match-
OR
junipersrx5800Match-
OR
junipersrx650Match-
Node
juniperjunosMatch15.1x53d20
OR
juniperjunosMatch15.1x53d21
OR
juniperjunosMatch15.1x53d210
OR
juniperjunosMatch15.1x53d25
OR
juniperjunosMatch15.1x53d30
OR
juniperjunosMatch15.1x53d32
OR
juniperjunosMatch15.1x53d33
OR
juniperjunosMatch15.1x53d34
OR
juniperjunosMatch15.1x53d40
OR
juniperjunosMatch15.1x53d45
OR
juniperjunosMatch15.1x53d56
AND
juniperex2300Match-
OR
juniperex3400Match-
CPENameOperatorVersion
juniper:junosjuniper junoseq12.1x46

CNA Affected

[
  {
    "platforms": [
      "SRX Series"
    ],
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "12.1X46-D77",
        "status": "affected",
        "version": "12.1X46",
        "versionType": "custom"
      },
      {
        "lessThan": "12.3X48-D70",
        "status": "affected",
        "version": "12.3X48",
        "versionType": "custom"
      },
      {
        "lessThan": "15.1X49-D140",
        "status": "affected",
        "version": "15.1X49",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "12.3R12-S10",
        "status": "affected",
        "version": "12.3",
        "versionType": "custom"
      },
      {
        "lessThan": "15.1R3",
        "status": "affected",
        "version": "15.1",
        "versionType": "custom"
      },
      {
        "lessThan": "15.1F3",
        "status": "affected",
        "version": "15.1F",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100"
    ],
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "14.1X53-D47",
        "status": "affected",
        "version": "14.1X53",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "EX2300/EX3400"
    ],
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "15.1X53-D59",
        "status": "affected",
        "version": "15.1X53",
        "versionType": "custom"
      }
    ]
  }
]

Related

nvd 1
nessus 1
cvelist 1
prion 1
nvd
nvd
CVE-2019-0003
2019-01-15 21:29:00
nessus
nessus
Junos OS: Multiple vulnerabilities in libxml2 (JSA10902)
2019-02-15 00:00:00
cvelist
cvelist
CVE-2019-0003 Junos OS: A flowspec BGP update with a specific term-order causes routing protocol daemon (rpd) process to crash with a core.
2019-01-09 00:00:00
prion
prion
Authentication flaw
2019-01-15 21:29:00

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

5.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.4%

JSON
Related for CVE-2019-0003
nvd1nessus1cvelist1prion1