5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
45.8%
According to its self-reported version number, the remote Juniper Junos device is affected by an unexpected status return value weakness in the Next-Generation Multicast VPN (NG-mVPN) which can result in a denial of service (DoS) condition. An unauthenticated, remote attacker can exploit this issue, by repeatedly sending crafted, malformed IPv4 packets to a victim device, including when these packets are forwarded directly through a device, provided that the malformed packet is not first de-encapsulated from an encapsulated format by a receiving device. This allows an attacker to cause the system to stop responding.
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#TRUSTED 708f3313498a785981d4c57c4f83dd84bdbaa06b332af8f73e0cb33891dc45b9fee67e0eb79ef481c5a4f8f658f3e9d9fa7b8dc0d1e90986d6eb6fbb12e70624a54125809180bb8b04e4c923a16ecabb68e10e886cba48e52f058835e76a0e6dd549b280a9742cbe5c8cf39a57e376c4b8c99f916818dbf5d8943c81ee077c549464182b324dfac16af8ce44adec3bccb6ec8897fcdaf27d806cab9e5e333f17a01d7e73384e2a2f15191eddd3036eb98d2adf8f1b8c45ff7b7bd68017c14134c0a6756de03fdf07522bf7d6abffc283faba2a2de4eb36ed35e5b83225eec311d790da595ec5eabad82be0f4d2dbc1668539c84ca52ca7634796e6f0f31e901b4ce5309f337d06996fa8863b11e8f96026e264333408d82d3633f1d2f4a8e304e420b080d2902387b73a3edd732ee66a89b5d9349b5eb4d25c6348e9cfd97f131a288141826d86d24141377f041ce4c7f10a940e8ca815b9500a643ecba640f472b3da5a56ebea6ecd46360dee9468adf3c0ac8e08e7f96f41c4e5fb6b2e1fcacdf40fcbb970867735ea766066999612226c3a4fbc15567b1c216ffee5a9253374f6fd523c18820695ecf50070fa126919036f7b48a404eaa5f06ed55f674213aa52df022cc16e3b0cf9096ff88fd0814b6eef75e28ab21a568a62b674eafa7868d91c3c4a6862c206630169835f97d8eaf4a3005263a6ab528bcb3a8aa9cff0
#TRUST-RSA-SHA256 2b72eb9f2dc7f161faebab4940f7e47420e46b95a533db035d52f2b727b411cf4ac7df8039d819e052c59b166554aaf52764fbe09dfb5736378a4d822fe49e462f6a4cb167509fd1932d998d154c33501256a9fee6586590cbd3ca2d0d3fce5d805c33e89f722e097b2abf1f3be136c4afdabacc882830068c7252607e234aae2491aabfa421ebdf63333179dd54acb0e9c2ec31b04c4c268ffd0741ef1cf1729712212685c249cf6e32fb20b01c8ef1ee41d62f133ba229cf808c46dab41780db14f3f9f6e6be1c1a93563d34b109c8ca158277131c28a8017d6f81491e3656b33523934e1f613e2cc944f13dd48342e98cffbb9b84f717ef97c3dcc633c58c4d3dcc60baa92065394a2130c656e6b573ebeb35d07372889bc8f0be4ea0f4e49be390c4f9bdff09a37532b351911e1b3010d4f303837f4c8a23e40ebc0a4b8a225b71eeb8e5ee2f5f4ee66afe3635ea7e6039c25bc861eb84dfa75a62912ff027a5e0f6478160ce5ca7f65841c161cc297c397317119100c1b38e0a3e58871fe2faaff2cdf73ff3b1602e2acaf1008a815678164631c586dabaa6fbf34a9f85ae4c97c8ee07438caa1ba6dbb326c58a23238064091881933828a540d08aef3deab6f087048268c570ede42dfd6046ba82958ba5ad463e5a77d74559bf1799349dbf6e3e8e26369ad1468a18565dcda9e7d905a9f53d847655b7bf5ee87753be
#
# (C) Tenable Network Security, Inc.
#
include('compat.inc');
if (description)
{
script_id(130504);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/07/24");
script_cve_id("CVE-2019-0066");
script_xref(name:"JSA", value:"JSA10965");
script_xref(name:"IAVA", value:"2019-A-0388");
script_name(english:"Junos OS: NG-mVPN rpd DoS (JSA10965)");
script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
script_set_attribute(attribute:"description", value:
"According to its self-reported version number, the remote Juniper Junos device is affected by an unexpected status
return value weakness in the Next-Generation Multicast VPN (NG-mVPN) which can result in a denial of service (DoS)
condition. An unauthenticated, remote attacker can exploit this issue, by repeatedly sending crafted, malformed IPv4
packets to a victim device, including when these packets are forwarded directly through a device, provided that the
malformed packet is not first de-encapsulated from an encapsulated format by a receiving device. This allows an
attacker to cause the system to stop responding.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
# https://supportportal.juniper.net/s/article/2019-10-Security-Bulletin-Junos-OS-A-malformed-IPv4-packet-received-by-Junos-in-an-NG-mVPN-scenario-may-cause-the-routing-protocol-daemon-rpd-process-to-core-CVE-2019-0066
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9c12b569");
script_set_attribute(attribute:"solution", value:
"Apply the relevant Junos software release referenced in Juniper advisory JSA10965");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-0066");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/10/09");
script_set_attribute(attribute:"patch_publication_date", value:"2019/10/09");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/05");
script_set_attribute(attribute:"plugin_type", value:"combined");
script_set_attribute(attribute:"cpe", value:"cpe:/o:juniper:junos");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Junos Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("junos_version.nasl");
script_require_keys("Host/Juniper/JUNOS/Version", "Host/Juniper/model");
exit(0);
}
include('junos.inc');
var ver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version');
var vuln_ranges = [
{'min_ver':'15.1', 'fixed_ver':'15.1F6-S12'},
{'min_ver':'15.1R7', 'fixed_ver':'15.1R7-S2'},
{'min_ver':'15.1X49', 'fixed_ver':'15.1X49-D150', 'model':'^SRX'},
{'min_ver':'16.1', 'fixed_ver':'16.1R3-S10'},
{'min_ver':'16.1R4', 'fixed_ver':'16.1R4-S12'},
{'min_ver':'16.1R6', 'fixed_ver':'16.1R6-S6'},
{'min_ver':'16.1R7', 'fixed_ver':'16.1R7-S2'},
{'min_ver':'16.2', 'fixed_ver':'16.2R2-S7'},
{'min_ver':'17.1', 'fixed_ver':'17.1R2-S9', 'fixed_display':'17.1R2-S9, 17.1R3'},
{'min_ver':'17.2', 'fixed_ver':'17.2R1-S7', 'fixed_display':'17.2R1-S7, 17.2R2-S6, 17.2R3'},
{'min_ver':'17.3', 'fixed_ver':'17.3R2-S4', 'fixed_display':'17.3R2-S4, 17.3R3'}
];
var fix = junos_compare_range(target_version:ver, vuln_ranges:vuln_ranges);
if (empty_or_null(fix)) audit(AUDIT_INST_VER_NOT_VULN, 'Junos OS', ver);
var report = get_report(ver:ver, fix:fix);
security_report_v4(severity:SECURITY_WARNING, port:0, extra:report);
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
45.8%