CVE-2019-0008 QFX5000 Series, EX4300, EX4600: A stack buffer overflow vulnerability in Packet Forwarding Engine manager (FXPC) process

🗓️ 10 Apr 2019 20:13:50Reported by juniperType

A stack buffer overflow vulnerability in Packet Forwarding Engine manager (FXPC) process on Junos O

Reporter	Title	Published	Views	Family All 6
BDU FSTEC	The vulnerability of the packet forwarding dispatcher in the Junos OS operating system allows a attacker to execute arbitrary code or cause a failure in the operation of the FXPC daemon.	30 Apr 201900:00	–	bdu_fstec
CVE	CVE-2019-0008	10 Apr 201920:13	–	cve
EUVD	EUVD-2019-0815	7 Oct 202500:30	–	euvd
Tenable Nessus	Juniper JSA10930	26 Apr 201900:00	–	nessus
NVD	CVE-2019-0008	10 Apr 201920:29	–	nvd
Prion	Stack overflow	10 Apr 201920:29	–	prion

[
  {
    "platforms": [
      "QFX5000 series, EX4300, EX4600"
    ],
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "status": "affected",
        "version": "14.1X53"
      },
      {
        "lessThan": "15.1X53-D235",
        "status": "affected",
        "version": "15.1X53",
        "versionType": "custom"
      },
      {
        "lessThan": "17.1R3",
        "status": "affected",
        "version": "17.1",
        "versionType": "custom"
      },
      {
        "lessThan": "18.1R3-S1, 18.1R4",
        "status": "affected",
        "version": "18.1",
        "versionType": "custom"
      },
      {
        "lessThan": "18.2R2",
        "status": "affected",
        "version": "18.2",
        "versionType": "custom"
      },
      {
        "lessThan": "18.3R2",
        "status": "affected",
        "version": "18.3",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "QFX5000 series,  EX4300, EX4600"
    ],
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "17.2R3",
        "status": "affected",
        "version": "17.2",
        "versionType": "custom"
      },
      {
        "lessThan": "17.3R3-S2, 17.3R4",
        "status": "affected",
        "version": "17.3",
        "versionType": "custom"
      },
      {
        "lessThan": "17.4R2-S1, 17.4R3",
        "status": "affected",
        "version": "17.4",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "18.2X75-D30",
        "status": "affected",
        "version": "18.2X75",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
kb	www.kb.juniper.net/JSA10930
securityfocus	www.securityfocus.com/bid/107897

15 Apr 2019 09:06Current

10High risk

Vulners AI Score10

CVSS 39.8

EPSS0.04545

CWE-121