CVE-2019-0006 Junos OS: EX, QFX and MX series: Packet Forwarding Engine manager (FXPC) process crashes due to a crafted HTTP packet in a Virtual Chassis configuration

🗓️ 15 Jan 2019 21:00:00Reported by juniperType

Junos OS FXPC process crashes due to crafted HTTP packet in Virtual Chassis confi

Reporter	Title	Published	Views	Family All 7
BDU FSTEC	The vulnerability of the JunOS operating system allows a hacker to execute arbitrary code and cause service interruptions.	23 Jan 201900:00	–	bdu_fstec
CVE	CVE-2019-0006	15 Jan 201921:00	–	cve
EUVD	EUVD-2019-0813	7 Oct 202500:30	–	euvd
Tenable Nessus	Juniper Junos Packet Forwarding Engine Potential RCE (JSA10906)	10 Jan 201900:00	–	nessus
NVD	CVE-2019-0006	15 Jan 201921:29	–	nvd
OSV	CVE-2019-0006	15 Jan 201921:29	–	osv
Prion	Design/Logic Flaw	15 Jan 201921:29	–	prion

[
  {
    "platforms": [
      "EX Virtual Chassis Platforms, QFX Virtual Chassis Platforms"
    ],
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "14.1X53-D47",
        "status": "affected",
        "version": "14.1X53",
        "versionType": "custom"
      },
      {
        "lessThan": "15.1X53-D50",
        "status": "affected",
        "version": "15.1X53",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "EX Virtual Chassis Platforms, QFX Virtual Chassis Platforms, MX Virtual Chassis Platforms"
    ],
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "15.1R7-S3",
        "status": "affected",
        "version": "15.1",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
kb	www.kb.juniper.net/JSA10906
securityfocus	www.securityfocus.com/bid/106666

22 Jan 2019 10:57Current

9.8High risk

Vulners AI Score9.8

CVSS 39.8

EPSS0.05923

CWE-908