2 matches found
CVE-2019-0040
CVE-2019-0040 affects Juniper Junos OS on multiple 15.x–17.x releases based on FreeBSD 10 or higher. The issue is an information disclosure in rpcbind: external packets to port 111 may elicit responses from the management interface (e.g., fxp0), exposing internal addressing and the existence of t...
CVE-2019-0040 Junos OS: Specially crafted packets sent to port 111 on any interface triggers responses from the management interface
On Junos OS, rpcbind should only be listening to port 111 on the internal routing instance IRI. External packets destined to port 111 should be dropped. Due to an information leak vulnerability, responses were being generated from the source address of the management interface e.g. fxp0 thus...