Lucene search

[email protected]CVE-2019-0011

HistoryJan 15, 2019 - 9:29 p.m.

CVE-2019-0011

2019-01-1521:29:01

[email protected]

web.nvd.nist.gov

cve-2019-0011

junos os

kernel

dos

denial of service

juniper networks

nvd

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.3 Medium

AI Score

Confidence

High

3.3 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:A/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

28.9%

JSON

The Junos OS kernel crashes after processing a specific incoming packet to the out of band management interface (such as fxp0, me0, em0, vme0) destined for another address. By continuously sending this type of packet, an attacker can repeatedly crash the kernel causing a sustained Denial of Service. Affected releases are Juniper Networks Junos OS: 17.2 versions prior to 17.2R1-S7, 17.2R3; 17.3 versions prior to 17.3R3-S3; 17.4 versions prior to 17.4R1-S4, 17.4R2; 17.2X75 versions prior to 17.2X75-D110; 18.1 versions prior to 18.1R2.

Affected configurations

NVD

Node

juniperjunosMatch17.2-

juniperjunosMatch17.2r1

juniperjunosMatch17.2r1-s1

juniperjunosMatch17.2r1-s2

juniperjunosMatch17.2r1-s3

juniperjunosMatch17.2r1-s4

juniperjunosMatch17.2r1-s5

juniperjunosMatch17.2r1-s6

Node

juniperjunosMatch17.3-

juniperjunosMatch17.3r1

juniperjunosMatch17.3r2

juniperjunosMatch17.3r3

juniperjunosMatch17.3r3-s1

juniperjunosMatch17.3r3-s2

Node

juniperjunosMatch17.4-

juniperjunosMatch17.4r1

juniperjunosMatch17.4r1-s1

juniperjunosMatch17.4r1-s2

juniperjunosMatch17.4r1-s3

Node

juniperjunosMatch17.2x75-

juniperjunosMatch17.2x75d100

juniperjunosMatch17.2x75d102

juniperjunosMatch17.2x75d50

juniperjunosMatch17.2x75d70

juniperjunosMatch17.2x75d90

juniperjunosMatch17.2x75d92

Node

juniperjunosMatch18.1-

CPENameOperatorVersion
juniper:junosjuniper junoseq17.2

CPE	Name	Operator	Version
juniper:junos	juniper junos	eq	17.2

CNA Affected

[
  {
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "17.2R1-S7, 17.2R3",
        "status": "affected",
        "version": "17.2",
        "versionType": "custom"
      },
      {
        "lessThan": "17.3R3-S3",
        "status": "affected",
        "version": "17.3",
        "versionType": "custom"
      },
      {
        "lessThan": "17.4R1-S4, 17.4R2",
        "status": "affected",
        "version": "17.4",
        "versionType": "custom"
      },
      {
        "lessThan": "17.2X75-D110",
        "status": "affected",
        "version": "17.2X75",
        "versionType": "custom"
      },
      {
        "lessThan": "18.1R2",
        "status": "affected",
        "version": "18.1",
        "versionType": "custom"
      }
    ]
  }
]

References

www.securityfocus.com/bid/106534

kb.juniper.net/JSA10911

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.3 Medium

AI Score

Confidence

High

3.3 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:A/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

28.9%

JSON

Related for CVE-2019-0011

cvelist1 nessus1 nvd1 prion1