Multiple vulnerabilities in Juniper Junos OS
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 13 |
| CVE-ID | CVE-2019-0001 CVE-2019-0002 CVE-2019-0003 CVE-2019-0005 CVE-2019-0006 CVE-2019-0007 CVE-2019-0009 CVE-2019-0010 CVE-2019-0011 CVE-2019-0012 CVE-2019-0013 CVE-2019-0014 CVE-2019-0015 |
| CWE-ID | CWE-835 CWE-264 CWE-617 CWE-822 CWE-400 CWE-20 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Juniper Junos OS Operating systems & Components / Operating system |
| Vendor | Juniper Networks, Inc. |
Security Bulletin
This security bulletin contains information about 13 vulnerabilities.
1) Infinite loop
EUVDB-ID: #VU17000
Risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-0001
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to an uncontrolled recursion loop in the Broadband Edge subscriber management daemon (bbe-smgd) when receipt of a malformed packet on MX Series devices with dynamic vlan configuration. A remote attacker can send trigger high CPU usage and a crash of the bbe-smgd service.
MitigationThe vulnerability has been addressed in the versions 16.1R7-S1, 16.2R2-S7, 17.1R2-S10, 17.1R3, 17.2R3, 17.3R3-S1, 17.4R2, 18.1R3, 18.2R2, 18.3R1.
Vulnerable software versionsJuniper Junos OS: 16.1 - 18.2R1
External linkshttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10900&cat=SIRT_1&actp=LIST
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Security restrictions bypass
EUVDB-ID: #VU17019
Risk: Low
CVSSv3.1: 5.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-0002
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions on the target system.
The vulnerability exists due to the failure of stateless firewall filter rules to take effect. A remote unauthenticated attacker can bypass security restrictions to conduct further attacks.
MitigationThe vulnerability has been addressed in the versions 15.1X53-D590, 18.1R3, 18.2R2, 18.3R1.
Vulnerable software versionsJuniper Junos OS: 15.1X53 - 18.2R1
External linkshttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10901&cat=SIRT_1&actp=LIST
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Reachable assertion
EUVDB-ID: #VU17020
Risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-0003
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition.
The vulnerability exists due to a reachable assertion failure when a specific BGP flowspec configuration is enabled and upon receipt of a specific matching BGP packet meeting a specific term in the flowspec configuration. A remote attacker can cause the routing protocol daemon (rpd) process to crash with a core file being generated.
MitigationThe vulnerability has been addressed in the versions 12.1X46-D77, 12.3R12-S10, 12.3X48-D70, 14.1X53-D47, 15.1F3, 15.1R3, 15.1X49-D140, 15.1X53-D59, 16.1R1.
Vulnerable software versionsJuniper Junos OS: 12.1x46 - 15.1X53-D58
External linkshttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10902&cat=SIRT_1&actp=LIST
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Security restrictions bypass
EUVDB-ID: #VU17083
Risk: Low
CVSSv3.1: 5.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-0005
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions.
The weakness exists due to the ignoring of IPv6 extension headers by the stateless firewall filter. A remote attacker can bypass security restrictions to forward IPv6 packets.
The vulnerability has been addressed in the versions 14.1X53-D47, 15.1R7, 15.1X53-D234, 15.1X53-D591, 16.1R7, 17.1R2-S10, 17.1R3, 17.2R3, 17.3R3, 17.4R2, 18.1R2, 18.2R1, 18.2X75-D5.
Vulnerable software versionsJuniper Junos OS: 14.1x53 - 18.1R1
External linkshttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10905&cat=SIRT_1&actp=LIST
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Untrusted pointer dereference
EUVDB-ID: #VU17084
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-0006
CWE-ID:
CWE-822 - Untrusted Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code.
The weakness exists due to an uninitialized function pointer dereference in the Packet Forwarding Engine manager (fxpc) on all EX, QFX and MX Series devices in a Virtual Chassis configuration. A remote attacker can send specially crafted HTTP packets to cause the fxpc daemon crash or execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
The vulnerability has been addressed in the versions 14.1X53-D47, 15.1R7-S3, 16.1R1.
Vulnerable software versionsJuniper Junos OS: 14.1x53 - 16.1R
External linkshttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10906&cat=SIRT_1&actp=LIST
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Security restrictions bypass
EUVDB-ID: #VU17085
Risk: Medium
CVSSv3.1: 8.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-0007
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions.
The weakness exists due to the use of a predictable IP ID Sequence Number. A remote attacker can bypass security restrictions launch further attacks on the system.
Update to version 15.1F5.
Vulnerable software versionsJuniper Junos OS: 15.1 - 15.1F4-S2
External linkshttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10903&cat=SIRT_1&actp=LIST
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Denial of service
EUVDB-ID: #VU17086
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-0009
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition.
The vulnerability exists due to unspecified flaw. A local attacker can use high disk I/O operations to disrupt the communication between the routing engine (RE) and the packet forwarding engine (PFE).
MitigationThe vulnerability has been addressed in the versions 15.1X53-D113, 15.1X53-D590, 18.1R2-S2, 18.1R3, 18.2R2, 18.3R1.
Vulnerable software versionsJuniper Junos OS: 15.1X53 - 18.2R1
External linkshttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10909&cat=SIRT_1&actp=LIST
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Resource exhaustion
EUVDB-ID: #VU17087
Risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-0010
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition.
The vulnerability exists due to an error when processing malicious input. A remote attacker can send a specially-crafted HTTP traffic, cause UTM to consume all mbufs resulting in a denial of service condition.
MitigationThe vulnerability has been addressed in the versions 12.1X46-D81, 12.3X48-D77, 15.1X49-D101, 15.1X49-D110, 17.3R1.
Vulnerable software versionsJuniper Junos OS: 12.1x46 - 17.3
External linkshttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10910&cat=SIRT_1&actp=LIST
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Improper input validation
EUVDB-ID: #VU17088
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-0011
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to cause DoS condition.
The vulnerability exists due to an error when processing malicious input. An adjacent attacker can continuously send a specially crafted packet and cause the kernel to crash.
MitigationThe vulnerability has been addressed in the versions 17.2R1-S7, 17.2R3, 17.2X75-D110, 17.3R3-S3, 17.4R1-S4, 17.4R2, 18.1R2, 18.2R1, 18.2X75-D5.
Vulnerable software versionsJuniper Junos OS: 17.2 - 18.2
External linkshttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10911&cat=SIRT_1&actp=LIST
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Improper input validation
EUVDB-ID: #VU17089
Risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-0012
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition.
The vulnerability exists due to an error when configured as a VPLS PE. A remote attacker can send a specially crafted BGP message and cause the routing protocol daemon (rpd) process to crash.
MitigationThe vulnerability has been addressed in the versions 12.1X46-D81, 12.3R12-S12, 12.3X48-D76, 12.3X48-D80, 15.1F6-S12, 15.1R7-S2, 15.1X49-D150, 15.1X53-D235, 15.1X53-D495, 15.1X53-D590, 15.1X53-D68, 16.1R3-S10, 16.1R4-S12, 16.1R6-S6, 16.1R7-S1, 16.2R2-S7, 17.1R2-S9, 17.1R3, 17.2R1-S7, 17.2R2-S6, 17.2R3, 17.3R2-S4, 17.3R3, 17.4R1-S5, 17.4R2, 18.1R2-S3, 18.1R3, 18.2R1, 18.2X75-D10.
Vulnerable software versionsJuniper Junos OS: 12.1x46 - 18.2X75-D5
External linkshttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10912&cat=SIRT_1&actp=LIST
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Improper input validation
EUVDB-ID: #VU17090
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-0013
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to cause DoS condition.
The vulnerability exists due to an error when processing malicious input. An adjacent attacker can send a specially crafted IPv4 PIM Join packet and cause the routing protocol daemon (RPD) process to crash.
MitigationThe vulnerability has been addressed in the versions 12.1X46-D77, 12.3X48-D77, 15.1F6-S10, 15.1R6-S6, 15.1R7, 15.1X49-D150, 15.1X53-D233, 15.1X53-D59, 16.1R3-S8, 16.1R4-S8, 16.1R7, 16.2R2-S6, 17.1R2-S6, 17.1R3, 17.2R2-S3, 17.2R3, 17.3R2-S4, 17.3R3, 17.4R2, 18.1R1.
Vulnerable software versionsJuniper Junos OS: 12.1x46 - 17.4R1-S5
External linkshttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10913&cat=SIRT_1&actp=LIST
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Improper input validation
EUVDB-ID: #VU17091
Risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-0014
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition.
The vulnerability exists due to an error when processing malicious input. A remote attacker can send a specially crafted packet for J-Flow and cause the FPC (Flexible PIC Concentrator) process to crash.
MitigationThe vulnerability has been addressed in the versions 17.2X75-D91, 17.2X75-D100, 17.4R2-S1, 17.4R3, 18.1R3-S1, 18.2R1-S3, 18.2R2, 18.2X75-D5, 18.3R1.
Vulnerable software versionsJuniper Junos OS: 17.2X75 - 18.2R1
External linkshttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10914&cat=SIRT_1&actp=LIST
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Security restrictions bypass
EUVDB-ID: #VU17092
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-0015
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to bypass security restrictions on the target system.
The vulnerability exists due to an error in the SRX Series Service Gateway. A remote authenticated attacker can establish VPN connections until reboot and gain access to the device.
MitigationThe vulnerability has been addressed in the versions 12.3X48-D75, 15.1X49-D150, 17.3R3, 17.4R2, 18.1R3, 18.2R2, 18.3R1.
Vulnerable software versionsJuniper Junos OS: 12.3x48 - 18.2R1-S3
External linkshttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10915&cat=SIRT_1&actp=LIST
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
