Stack-based buffer overflow in Juniper Junos OS



Risk Medium
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2019-0053
CWE-ID CWE-121
Exploitation vector Local
Public exploit N/A
Vulnerable software
 Juniper Junos OS
Operating systems & Components / Operating system

Vendor Juniper Networks, Inc.

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Stack-based buffer overflow

EUVDB-ID: #VU19149

Risk: Medium

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2019-0053

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a local attacker to execute arbitrary code on the target system.

The vulnerability exists due to insufficient validation of environment variables when connecting via the telnet client to remote telnet servers. A local authenticated attacker can trigger stack-based buffer overflow, bypass veriexec restrictions and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

This vulnerability only affects the telnet client - accessible from the CLI or shel.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Juniper Junos OS: 12.3R12-S1 - 18.4R1

CPE2.3 External links

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10947&cat=SIRT_1&actp=LIST


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###