History: Apr 10, 2019 - 8:29 p.m.

CVE-2019-0008

2019-04-10 20:29:00
CWE-787
CWE-121
juniper
web.nvd.nist.gov
35
cve-2019-0008
bgp
ipv6
buffer overflow
junos os
fxpc
qfx5000
ex4300
ex4600
remote code execution
nvd

CVSS2: 7.5
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: PARTIAL
  Integrity Impact: PARTIAL
  Availability Impact: PARTIAL
  Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3: 9.8
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: HIGH
  Availability Impact: HIGH
  Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.9
Confidence: High

EPSS: 0.047
Percentile: 92.8%

A certain sequence of valid BGP or IPv6 BFD packets may trigger a stack-based buffer overflow in the Junos OS Packet Forwarding Engine manager (FXPC) process on QFX5000 series, EX4300, EX4600 devices. This issue can result in a crash of the fxpc daemon or may potentially lead to remote code execution. Affected releases of Juniper Networks Junos OS on QFX5000 series, EX4300, EX4600 are: 14.1X53; 15.1X53 versions prior to 15.1X53-D235; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R3; 17.3 versions prior to 17.3R3-S2, 17.3R4; 17.4 versions prior to 17.4R2-S1, 17.4R3; 18.1 versions prior to 18.1R3-S1, 18.1R4; 18.2 versions prior to 18.2R2; 18.2X75 versions prior to 18.2X75-D30; 18.3 versions prior to 18.3R2.

Affected configurations

Nvd
Node
juniper  junos  Range  15.1x53  15.1x53-d235
OR
juniper  junos  Range  17.1  17.1r3
OR
juniper  junos  Range  17.2  17.2r3
OR
juniper  junos  Range  17.3  17.3r3-s2
OR
juniper  junos  Range  17.4  17.4r2-s1
OR
juniper  junos  Range  18.1  18.1r3-s1
OR
juniper  junos  Range  18.2  18.2r2
OR
juniper  junos  Range  18.2x75  18.2x75-d30
OR
juniper  junos  Range  18.3  18.3r2
OR
juniper  junos  Match  14.1x53
OR
juniper  junos  Match  17.3
OR
juniper  junos  Match  17.4
OR
juniper  junos  Match  18.1
AND
juniper  ex4300  Match  -
OR
juniper  ex4300m  Match  -
OR
juniper  ex4600  Match  -
OR
juniper  ex4650  Match  -
OR
juniper  qfx5100  Match  -
OR
juniper  qfx5110  Match  -
OR
juniper  qfx5120  Match  -
OR
juniper  qfx5200-32c  Match  -
OR
juniper  qfx5200-48y  Match  -
OR
juniper  qfx5210-64c  Match  -
Vendor   Product  Version  CPE
juniper  junos    *        cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*
juniper  junos    14.1x53  cpe:2.3:o:juniper:junos:14.1x53:*:*:*:*:*:*:*
juniper  junos    17.3     cpe:2.3:o:juniper:junos:17.3:*:*:*:*:*:*:*
juniper  junos    17.4     cpe:2.3:o:juniper:junos:17.4:*:*:*:*:*:*:*
juniper  junos    18.1     cpe:2.3:o:juniper:junos:18.1:*:*:*:*:*:*:*
juniper  ex4300   -        cpe:2.3:h:juniper:ex4300:-:*:*:*:*:*:*:*
juniper  ex4300m  -        cpe:2.3:h:juniper:ex4300m:-:*:*:*:*:*:*:*
juniper  ex4600   -        cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*
juniper  ex4650   -        cpe:2.3:h:juniper:ex4650:-:*:*:*:*:*:*:*
juniper  qfx5100  -        cpe:2.3:h:juniper:qfx5100:-:*:*:*:*:*:*:*

CNA Affected

[
  {
    "platforms": [
      "QFX5000 series, EX4300, EX4600"
    ],
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "status": "affected",
        "version": "14.1X53"
      },
      {
        "lessThan": "15.1X53-D235",
        "status": "affected",
        "version": "15.1X53",
        "versionType": "custom"
      },
      {
        "lessThan": "17.1R3",
        "status": "affected",
        "version": "17.1",
        "versionType": "custom"
      },
      {
        "lessThan": "18.1R3-S1, 18.1R4",
        "status": "affected",
        "version": "18.1",
        "versionType": "custom"
      },
      {
        "lessThan": "18.2R2",
        "status": "affected",
        "version": "18.2",
        "versionType": "custom"
      },
      {
        "lessThan": "18.3R2",
        "status": "affected",
        "version": "18.3",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "QFX5000 series,  EX4300, EX4600"
    ],
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "17.2R3",
        "status": "affected",
        "version": "17.2",
        "versionType": "custom"
      },
      {
        "lessThan": "17.3R3-S2, 17.3R4",
        "status": "affected",
        "version": "17.3",
        "versionType": "custom"
      },
      {
        "lessThan": "17.4R2-S1, 17.4R3",
        "status": "affected",
        "version": "17.4",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "18.2X75-D30",
        "status": "affected",
        "version": "18.2X75",
        "versionType": "custom"
      }
    ]
  }
]
