Multiple vulnerabilities in Juniper Junos OS

Published: 2019-10-14 | Updated: 2019-10-14
Severity: Medium
Patch available: YES
Number of vulnerabilities: 24
CVE ID: CVE-2019-0063, CVE-2019-0064, CVE-2019-0065, CVE-2019-0066, CVE-2019-0067, CVE-2019-0068, CVE-2019-0069, CVE-2019-0050, CVE-2019-0074, CVE-2019-0075, CVE-2019-0071, CVE-2019-0073, CVE-2019-0051, CVE-2019-0070, CVE-2019-0047, CVE-2019-0062, CVE-2019-0061, CVE-2019-0060, CVE-2019-0058, CVE-2019-0059, CVE-2019-0057, CVE-2019-0056, CVE-2019-0054, CVE-2019-0055
CWE ID: CWE-20, CWE-312, CWE-399, CWE-22, CWE-354, CWE-276, CWE-400, CWE-79, CWE-384, CWE-264, CWE-269, CWE-401, CWE-285, CWE-295, CWE-119
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: Juniper Junos OS, EX3400, EX2300-C, EX2300, MX480, MX960, MX2008, MX2010, MX2020
Vendor: Juniper Networks, Inc.

Security Advisory

1) Input validation error

Severity: Low

CVSSv3: 5.7 [CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-0063

CWE-ID: CWE-20 - Improper Input Validation

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when an MX Series Broadband Remote Access Server (BRAS) is configured as a Broadband Network Gateway (BNG) with DHCPv6 enabled. A remote attacker can send a specially crafted DHCP response message on a subscriber interface, crash jdhcpd and cause an extended denial of service condition on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Juniper Junos OS: 15.1R, 15.1R1, 15.1R2, 15.1R3, 15.1R4, 15.1R4-S1, 15.1R4-S2, 15.1R4-S3, 15.1R4-S4, 15.1R4-S5, 15.1R4-S6, 15.1R4-S7, 15.1R4-S8, 15.1R4-S9, 15.1R5, 15.1R5-S4, 15.1R5-S5, 15.1R5-S7, 15.1R5-S51, 15.1R5-S52, 15.1R5-S53, 15.1R5-S54, 15.1R5-S55, 15.1R5-S56, 15.1R5-S57, 15.1R6, 15.1R6-S1, 15.1R6-S2, 15.1R6-S3, 15.1R6-S4, 15.1R6-S5, 15.1R6-S6, 15.1R7, 15.1R7-S2, 15.1R7-S3, 15.1R7-S4, 16.1R, 16.1R1, 16.1R2, 16.1R3, 16.1R3-S1, 16.1R3-S2, 16.1R3-S3, 16.1R3-S4, 16.1R3-S5, 16.1R3-S6, 16.1R3-S7, 16.1R3-S8, 16.1R3-S10, 16.1R3-S11, 16.1R4, 16.1R4-S3, 16.1R4-S6, 16.1R4-S8, 16.1R4-S9, 16.1R4-S12, 16.1R4-S13, 16.1R5, 16.1R5-S3, 16.1R5-S4, 16.1R6, 16.1R6-S2, 16.1R6-S3, 16.1R6-S4, 16.1R6-S6, 16.1R7, 16.1R7-S1, 16.1R7-S2, 16.1R7-S3, 16.1R7-S4, 16.2R1, 16.2R1-S1, 16.2R1-S2, 16.2R1-S3, 16.2R1-S4, 16.2R1-S5, 16.2R1-S6, 16.2R2, 16.2R2-S1, 16.2R2-S2, 16.2R2-S3, 16.2R2-S4, 16.2R2-S5, 16.2R2-S6, 16.2R2-S7, 16.2R2-S8, 16.2R2-S9, 17.1R1, 17.1R1-S1, 17.1R1-S2, 17.1R1-S3, 17.1R1-S4, 17.1R1-S5, 17.1R1-S6, 17.1R1-S7, 17.1R2, 17.1R2-S1, 17.1R2-S2, 17.1R2-S3, 17.1R2-S4, 17.1R2-S5, 17.1R2-S6, 17.1R2-S7, 17.1R2-S8, 17.1R2-S9, 17.1R2-S10, 17.2R1, 17.2R1-S1, 17.2R1-S2, 17.2R1-S3, 17.2R1-S4, 17.2R1-S5, 17.2R1-S6, 17.2R1-S7, 17.2R1-S8, 17.2R2, 17.2R2-S1, 17.2R2-S2, 17.2R2-S3, 17.2R2-S4, 17.2R2-S6, 17.2R2-S7, 17.2R2-S8, 17.2R3-S1, 17.3R1, 17.3R1-S1, 17.3R1-S2, 17.3R1-S3, 17.3R1-S4, 17.3R2, 17.3R2-S2, 17.3R2-S4, 17.3R3, 17.3R3-S1, 17.3R3-S2, 17.3R3-S3, 17.3R3-S4, 17.3R3-S5, 17.4R1, 17.4R1-S1, 17.4R1-S2, 17.4R1-S3, 17.4R1-S4, 17.4R1-S5, 17.4R1-S6, 17.4R1-S7, 17.4R1-S8, 17.4R2, 17.4R2-S1, 17.4R2-S2, 17.4R2-S3, 17.4R2-S4, 18.1R1, 18.1R2, 18.1R2-S2, 18.1R2-S3, 18.1R2-S4, 18.1R3, 18.1R3-S1, 18.1R3-S2, 18.1R3-S3, 18.1R3-S4, 18.1R3-S5, 18.2R1, 18.2R1-S3, 18.2R1-S4, 18.2R1-S5, 18.2R2, 18.2R2-S1, 18.2R2-S2, 18.2R2-S3, 18.2X75-D5, 18.2X75-D10, 18.2X75-D12, 18.2X75-D20, 18.2X75-D30, 18.2X75-D40, 18.3R1, 18.3R1-S1, 18.3R1-S2, 18.3R1-S3, 18.3R1-S4, 18.4R1, 18.4R1-S1, 18.4R1-S2, 18.4R1-S3, 18.4R1-S4, 
19.1R1, 19.1R1-S1

External links

https://kb.juniper.net/JSA10962

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Input validation error

Severity: Medium

CVSSv3: 6.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-0064

CWE-ID: CWE-20 - Improper Input Validation

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when processing TCP packets if "set security zones security-zone <zone> tcp-rst" is configured. A remote attacker can send a specially crafted TCP packet, crash the flowd process and cause a denial of service on the target system.

Note: This vulnerability affects only Junos OS on SRX 5000 Series.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Juniper Junos OS: 18.2R3, 18.4R2, 19.2R1

External links

https://kb.juniper.net/JSA10963

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Input validation error

Severity: Medium

CVSSv3: 6.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-0065

CWE-ID: CWE-20 - Improper Input Validation

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when processing SIP packets. A remote attacker can send a specially crafted SIP packet, crash the MS-PIC component on MS-MIC or MS-MPC and cause a sustained denial of service condition on the target system.

Note: This issue affects Junos OS on MX Series when the SIP ALG is enabled.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Juniper Junos OS: 16.1R, 16.1R1, 16.1R2, 16.1R3, 16.1R3-S1, 16.1R3-S2, 16.1R3-S3, 16.1R3-S4, 16.1R3-S5, 16.1R3-S6, 16.1R3-S7, 16.1R3-S8, 16.1R3-S10, 16.1R3-S11, 16.1R4, 16.1R4-S3, 16.1R4-S6, 16.1R4-S8, 16.1R4-S9, 16.1R4-S12, 16.1R4-S13, 16.1R5, 16.1R5-S3, 16.1R5-S4, 16.1R6, 16.1R6-S2, 16.1R6-S3, 16.1R6-S4, 16.1R6-S6, 16.1R7, 16.1R7-S1, 16.1R7-S2, 16.1R7-S3, 16.1R7-S4, 16.2R1, 16.2R1-S1, 16.2R1-S2, 16.2R1-S3, 16.2R1-S4, 16.2R1-S5, 16.2R1-S6, 16.2R2, 16.2R2-S1, 16.2R2-S2, 16.2R2-S3, 16.2R2-S4, 16.2R2-S5, 16.2R2-S6, 16.2R2-S7, 16.2R2-S8, 16.2R2-S9, 16.2R2-S10, 17.1R1, 17.1R1-S1, 17.1R1-S2, 17.1R1-S3, 17.1R1-S4, 17.1R1-S5, 17.1R1-S6, 17.1R1-S7, 17.1R2, 17.1R2-S1, 17.1R2-S2, 17.1R2-S3, 17.1R2-S4, 17.1R2-S5, 17.1R2-S6, 17.1R2-S7, 17.1R2-S8, 17.1R2-S9, 17.1R2-S10, 17.2R1, 17.2R1-S1, 17.2R1-S2, 17.2R1-S3, 17.2R1-S4, 17.2R1-S5, 17.2R1-S6, 17.2R1-S7, 17.2R1-S8, 17.2R2, 17.2R2-S1, 17.2R2-S2, 17.2R2-S3, 17.2R2-S4, 17.2R2-S6, 17.2R2-S7, 17.2R2-S8, 17.2R3, 17.2R3-S1, 17.2R3-S2, 17.3R1, 17.3R1-S1, 17.3R1-S2, 17.3R1-S3, 17.3R1-S4, 17.3R2, 17.3R2-S2, 17.3R2-S4, 17.3R3, 17.3R3-S1, 17.3R3-S2, 17.3R3-S3, 17.3R3-S4, 17.3R3-S5, 17.4R1, 17.4R1-S1, 17.4R1-S2, 17.4R1-S3, 17.4R1-S4, 17.4R1-S5, 17.4R1-S6, 17.4R1-S7, 17.4R1-S8, 17.4R2, 17.4R2-S1, 17.4R2-S2, 17.4R2-S3, 17.4R2-S4, 17.4R2-S5, 17.4R2-S6, 18.1R1, 18.1R2, 18.1R2-S2, 18.1R2-S3, 18.1R2-S4, 18.1R3, 18.1R3-S1, 18.1R3-S2, 18.2R1, 18.2R1-S3, 18.2R1-S4, 18.2R1-S5, 18.2R2, 18.2R2-S1, 18.2R2-S2, 18.2R2-S3, 18.2R2-S4, 18.2R2-S5, 18.3R1, 18.3R1-S1, 18.3R1-S2, 18.3R1-S3, 18.3R1-S4, 18.3R1-S5, 18.4R1, 18.4R1-S1, 18.4R1-S2, 18.4R1-S3, 18.4R1-S4

External links

https://kb.juniper.net/JSA10964

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Input validation error

Severity: Medium

CVSSv3: 6.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-0066

CWE-ID: CWE-20 - Improper Input Validation

Description

The vulnerability allows a remote attacker to cause a denial of service (DoS) condition on the target system.

The vulnerability exists due to an unexpected status return value weakness in the Next-Generation Multicast VPN (NG-mVPN) service. A remote attacker can send a specially crafted IPv4 packet to the device running BGP, crash (core) the routing protocol daemon (rpd) process and cause a denial of service condition.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Juniper Junos OS: 15.1F, 15.1F1, 15.1F2, 15.1F2-S1, 15.1F2-S2, 15.1F2-S3, 15.1F2-S4, 15.1F2-S5, 15.1F2-S6, 15.1F2-S7, 15.1F2-S8, 15.1F2-S9, 15.1F2-S10, 15.1F2-S11, 15.1F2-S12, 15.1F2-S13, 15.1F2-S14, 15.1F2-S15, 15.1F2-S16, 15.1F2-S17, 15.1F2-S18, 15.1F2-S19, 15.1F2-S20, 15.1F3, 15.1F4, 15.1F4-S1-J1, 15.1F4-S2, 15.1F5, 15.1F5-S1, 15.1F5-S2, 15.1F5-S3, 15.1F5-S4, 15.1F5-S5, 15.1F6, 15.1F6-S1, 15.1F6-S2, 15.1F6-S3, 15.1F6-S4, 15.1F6-S5, 15.1F6-S6, 15.1F6-S7, 15.1F6-S8, 15.1F6-S9, 15.1F6-S10, 15.1R, 15.1R1, 15.1R2, 15.1R3, 15.1R4, 15.1R4-S1, 15.1R4-S2, 15.1R4-S3, 15.1R4-S4, 15.1R4-S5, 15.1R4-S6, 15.1R4-S7, 15.1R4-S8, 15.1R4-S9, 15.1R5, 15.1R5-S4, 15.1R5-S5, 15.1R5-S7, 15.1R5-S51, 15.1R5-S52, 15.1R5-S53, 15.1R5-S54, 15.1R5-S55, 15.1R5-S56, 15.1R5-S57, 15.1R6, 15.1R6-S1, 15.1R6-S2, 15.1R6-S3, 15.1R6-S4, 15.1R6-S5, 15.1R6-S6, 15.1R7, 15.1X49-D10, 15.1X49-D20, 15.1X49-D30, 15.1X49-D35, 15.1X49-D40, 15.1X49-D45, 15.1X49-D50, 15.1X49-D60, 15.1X49-D65, 15.1X49-D70, 15.1X49-D75, 15.1X49-D80, 15.1X49-D90, 15.1X49-D100, 15.1X49-D101, 15.1X49-D110, 15.1X49-D120, 15.1X49-D130, 15.1X49-D131, 15.1X49-D140, 15.1X53-D10, 15.1X53-D20, 15.1X53-D21, 15.1X53-D30, 15.1X53-D32, 15.1X53-D33, 15.1X53-D34, 15.1X53-D40, 15.1X53-D45, 15.1X53-D47, 15.1X53-D48, 15.1X53-D50, 15.1X53-D51, 15.1X53-D52, 15.1X53-D55, 15.1X53-D57, 15.1X53-D58, 15.1X53-D59, 15.1X53-D60, 15.1X53-D61, 15.1X53-D62, 15.1X53-D63, 15.1X53-D64, 15.1X53-D65, 15.1X53-D66, 15.1X53-D67, 16.1R1, 16.1R2, 16.1R3, 16.1R3-S1, 16.1R3-S2, 16.1R3-S3, 16.1R3-S4, 16.1R3-S5, 16.1R3-S6, 16.1R3-S7, 16.1R3-S8, 16.2R1, 16.2R1-S1, 16.2R1-S2, 16.2R1-S3, 16.2R1-S4, 16.2R1-S5, 16.2R1-S6, 16.2R2, 16.2R2-S1, 16.2R2-S2, 16.2R2-S3, 16.2R2-S4, 16.2R2-S5, 16.2R2-S6, 17.1R1, 17.1R1-S1, 17.1R1-S2, 17.1R1-S3, 17.1R1-S4, 17.1R1-S5, 17.1R1-S6, 17.1R1-S7, 17.1R2, 17.1R2-S1, 17.1R2-S2, 17.1R2-S3, 17.1R2-S4, 17.1R2-S5, 17.1R2-S6, 17.1R2-S7, 17.1R2-S8, 17.2R1, 17.2R1-S1, 17.2R1-S2, 17.2R1-S3, 17.2R1-S4, 17.2R1-S5, 17.2R1-S6, 17.2R2-S1, 17.3R1, 17.3R1-S1, 
17.3R1-S2, 17.3R1-S3, 17.3R1-S4, 17.3R2, 17.3R2-S2

External links

https://kb.juniper.net/JSA10965
https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/ng-mvpn-services-enabling.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Input validation error

Severity: Low

CVSSv3: 5.7 [CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-0067

CWE-ID: CWE-20 - Improper Input Validation

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when processing a specific link-local IPv6 packet destined to the Routing Engine (RE). A remote attacker on an adjacent network can send a specially crafted IPv6 packet, cause the system to crash (vmcore) and restart repeatedly, and cause a prolonged denial of service condition on the target system.

Note: This issue affects Junos OS devices with Multi-Chassis Link Aggregation Group (MC-LAG) enabled.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Juniper Junos OS: 16.1R, 16.1R1, 16.1R2, 16.1R3, 16.1R3-S1, 16.1R3-S2, 16.1R3-S3, 16.1R3-S4, 16.1R3-S5, 16.1R3-S6, 16.1R3-S7, 16.1R3-S8, 16.1R3-S10, 16.1R3-S11, 16.1R4, 16.1R4-S3, 16.1R4-S6, 16.1R4-S8, 16.1R4-S9, 16.1R4-S12, 16.1R4-S13, 16.1R5, 16.1R5-S3, 16.1R5-S4, 16.1R6, 16.2R1, 16.2R1-S1, 16.2R1-S2, 16.2R1-S3, 16.2R1-S4, 16.2R1-S5, 16.2R1-S6, 16.2R2, 16.2R2-S1, 16.2R2-S2, 16.2R2-S3, 16.2R2-S4, 16.2R2-S5, 16.2R2-S6, 16.2R2-S7, 16.2R2-S8, 16.2R2-S9, 17.1R1, 17.1R1-S1, 17.1R1-S2, 17.1R1-S3, 17.1R1-S4, 17.1R1-S5, 17.1R1-S6, 17.1R1-S7, 17.1R2, 17.1R2-S1, 17.1R2-S2, 17.1R2-S3, 17.1R2-S4, 17.1R2-S5, 17.1R2-S6, 17.1R2-S7, 17.1R2-S8, 17.1R2-S9, 17.1R2-S10, 17.1R3-S1

External links

https://kb.juniper.net/JSA10966

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Input validation error

Severity: Low

CVSSv3: 5.7 [CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-0068

CWE-ID: CWE-20 - Improper Input Validation

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when the SRX flowd process handles specific multicast packets. A remote attacker on an adjacent network can send specific multicast packets and repeatedly crash the target application.

Note: This vulnerability affects Junos OS on SRX Series.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Juniper Junos OS: 12.3X48-D10, 12.3X48-D15, 12.3X48-D20, 12.3X48-D25, 12.3X48-D30, 12.3X48-D35, 12.3X48-D40, 12.3X48-D45, 12.3X48-D50, 12.3X48-D51, 12.3X48-D55, 12.3X48-D60, 12.3X48-D61, 12.3X48-D65, 12.3X48-D66, 12.3X48-D70, 12.3X48-D75, 12.3X48-D76, 12.3X48-D77, 12.3X48-D80, 12.3X48-D85, 15.1X49-D10, 15.1X49-D20, 15.1X49-D30, 15.1X49-D35, 15.1X49-D40, 15.1X49-D45, 15.1X49-D50, 15.1X49-D60, 15.1X49-D65, 15.1X49-D70, 15.1X49-D75, 15.1X49-D80, 15.1X49-D90, 15.1X49-D100, 15.1X49-D101, 15.1X49-D110, 15.1X49-D120, 15.1X49-D130, 15.1X49-D131, 15.1X49-D140, 15.1X49-D150, 15.1X49-D160, 15.1X49-D161, 15.1X49-D170, 15.1X49-D171, 17.3R1, 17.3R1-S1, 17.3R1-S2, 17.3R1-S3, 17.3R1-S4, 17.3R2, 17.3R2-S2, 17.3R2-S4, 17.3R3, 17.3R3-S1, 17.3R3-S2, 17.3R3-S3, 17.3R3-S4, 17.3R3-S5, 17.3R3-S6, 17.4R1, 17.4R1-S1, 17.4R1-S2, 17.4R1-S3, 17.4R1-S4, 17.4R1-S5, 17.4R1-S6, 17.4R1-S7, 17.4R1-S8, 17.4R2, 17.4R2-S1, 17.4R2-S2, 17.4R2-S3, 17.4R2-S4, 18.1R1, 18.1R2, 18.1R2-S2, 18.1R2-S3, 18.1R2-S4, 18.1R3, 18.1R3-S1, 18.1R3-S2, 18.1R3-S3, 18.1R3-S4, 18.1R3-S5, 18.1R4, 18.2R1, 18.2R1-S3, 18.2R1-S4, 18.2R1-S5, 18.2R2, 18.2R2-S1, 18.2R2-S2, 18.2R2-S3, 18.3R1, 18.3R1-S1, 18.3R1-S2, 18.3R1-S3, 18.3R1-S4, 18.3R1-S5, 18.3R2, 18.4R1, 18.4R1-S1, 18.4R1-S2, 18.4R1-S3, 18.4R1-S4, 19.1R1

External links

https://kb.juniper.net/JSA10968

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Cleartext storage of sensitive information

Severity: Low

CVSSv3: 5.7 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-0069

CWE-ID: CWE-312 - Cleartext Storage of Sensitive Information

Description

The vulnerability allows a local user to view the password on the target system.

The vulnerability exists because the affected software stores credentials used during device authentication unencrypted in its log file. A local authenticated user can obtain credentials.

Note: This vulnerability affects only the following versions of Junos OS:

  • 15.1X49 versions prior to 15.1X49-D110 on vSRX, SRX1500, SRX4000 Series
  • 15.1X53 versions prior to 15.1X53-D234 on QFX5110, QFX5200 Series
  • 15.1X53 versions prior to 15.1X53-D68 on QFX10K Series
  • 17.1 versions prior to 17.1R2-S8, 17.1R3, on QFX5110, QFX5200, QFX10K Series
  • 17.2 versions prior to 17.2R1-S7, 17.2R2-S6, 17.2R3 on QFX5110, QFX5200, QFX10K Series
  • 17.3 versions prior to 17.3R2 on vSRX, SRX1500, SRX4000, QFX5110, QFX5200, QFX10K Series
  • 14.1X53 versions prior to 14.1X53-D47 on ACX5000, EX4600, QFX5100 Series
  • 15.1 versions prior to 15.1R7 on ACX5000, EX4600, QFX5100 Series
  • 16.1R7 versions prior to 16.1R7 on ACX5000, EX4600, QFX5100 Series
  • 17.1 versions prior to 17.1R2-S10, 17.1R3 on ACX5000, EX4600, QFX5100 Series
  • 17.2 versions prior to 17.2R3 on ACX5000, EX4600, QFX5100 Series
  • 17.3 versions prior to 17.3R3 on ACX5000, EX4600, QFX5100 Series
  • 17.4 versions prior to 17.4R2 on ACX5000, EX4600, QFX5100 Series
  • 18.1 versions prior to 18.1R2 on ACX5000, EX4600, QFX5100 Series
  • 15.1X53 versions prior to 15.1X53-D496 on NFX Series
  • 17.2 versions prior to 17.2R3-S1 on NFX Series
  • 17.3 versions prior to 17.3R3-S4 on NFX Series
  • 17.4 versions prior to 17.4R2-S4, 17.4R3 on NFX Series
  • 18.1 versions prior to 18.1R3-S4 on NFX Series
  • 18.2 versions prior to 18.2R2-S3, 18.2R3 on NFX Series
  • 18.3 versions prior to 18.3R1-S3, 18.3R2 on NFX Series
  • 18.4 versions prior to 18.4R1-S1, 18.4R2 on NFX Series
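
To triage a device against the fixed-release list above, the following added example (not part of the original advisory or of Juniper's tooling) classifies a Junos version string for a given platform. The table holds only a subset of the rows above, the function names are hypothetical, and the ordering rule is an assumption: a service-release fix such as 17.1R2-S8 covers only later service releases of the same R release, while any release at or above the highest listed fix is treated as fixed.

```python
import re

# Fixed releases for CVE-2019-0069, transcribed from the list above.
# Subset only: extend with the remaining (train, platform) rows as needed.
FIXED = {
    ("15.1X49", "SRX1500"): ["15.1X49-D110"],
    ("15.1X53", "QFX5110"): ["15.1X53-D234"],
    ("17.1", "QFX5110"): ["17.1R2-S8", "17.1R3"],
    ("17.2", "QFX5110"): ["17.2R1-S7", "17.2R2-S6", "17.2R3"],
    ("17.3", "SRX1500"): ["17.3R2"],
    ("18.2", "NFX"): ["18.2R2-S3", "18.2R3"],
    ("18.4", "NFX"): ["18.4R1-S1", "18.4R2"],
}

# 17.1R2-S8 -> train "17.1", R release 2, service release 8
_R_RELEASE = re.compile(r"^(\d+\.\d+)R(\d+)(?:-S(\d+))?$")
# 15.1X49-D110 -> train "15.1X49", build 110
_X_RELEASE = re.compile(r"^(\d+\.\d+X\d+)-D(\d+)$")


def parse(version):
    """Return (train, key); key is a tuple that orders releases in a train."""
    m = _R_RELEASE.match(version)
    if m:
        return m.group(1), (int(m.group(2)), int(m.group(3) or 0))
    m = _X_RELEASE.match(version)
    if m:
        return m.group(1), (int(m.group(2)), 0)
    raise ValueError(f"unsupported Junos version string: {version!r}")


def is_fixed(version, fixes):
    """Apply the assumed ordering rule to one version and its fix list."""
    _, key = parse(version)
    fix_keys = [parse(f)[1] for f in fixes]
    # At or beyond the highest listed fixed release: treated as fixed.
    if key >= max(fix_keys):
        return True
    # Otherwise only a service-release fix of the same R release can apply,
    # e.g. 17.2R1-S8 is covered by 17.2R1-S7 but 17.2R2 is not.
    return any(s > 0 and key[0] == r and key[1] >= s for r, s in fix_keys)


def status(version, platform):
    """Return 'fixed', 'affected', or 'not listed' for this table.

    'not listed' only means the (train, platform) pair is absent from FIXED;
    it is not a statement that the device is unaffected.
    """
    train, _ = parse(version)
    fixes = FIXED.get((train, platform))
    if fixes is None:
        return "not listed"
    return "fixed" if is_fixed(version, fixes) else "affected"


if __name__ == "__main__":
    # Constructed inventory entries for illustration.
    inventory = [
        ("17.1R2-S7", "QFX5110"),
        ("17.1R2-S9", "QFX5110"),
        ("17.2R2", "QFX5110"),
        ("15.1X49-D100", "SRX1500"),
        ("18.4R1", "NFX"),
        ("19.1R1", "NFX"),
    ]
    for version, platform in inventory:
        print(f"{platform:8} {version:14} {status(version, platform)}")
```
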

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Juniper Junos OS: 14.1x53, 15.1, 15.1X49, 15.1X53, 16.1R7, 17.1, 17.2, 17.3, 17.4, 18.1, 18.2, 18.3, 18.4

External links

https://kb.juniper.net/JSA10969

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Resource management error

Severity: Medium

CVSSv3: 6.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-0050

CWE-ID: CWE-399 - Resource Management Errors

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an error that can crash the "srxpfe" process under certain heavy traffic conditions. A remote attacker can send a specially crafted request and cause a denial of service condition.

Note: This vulnerability affects only Junos OS on SRX1500 platforms.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Juniper Junos OS: 15.1X49-D10, 15.1X49-D20, 15.1X49-D30, 15.1X49-D35, 15.1X49-D40, 15.1X49-D45, 15.1X49-D50, 15.1X49-D60, 15.1X49-D65, 15.1X49-D70, 15.1X49-D75, 15.1X49-D80, 15.1X49-D90, 15.1X49-D100, 15.1X49-D101, 15.1X49-D110, 15.1X49-D120, 15.1X49-D130, 15.1X49-D131, 15.1X49-D140, 15.1X49-D150, 15.1X49-D160, 15.1X49-D161, 17.3R1, 17.3R1-S1, 17.3R1-S2, 17.3R1-S3, 17.3R1-S4, 17.3R2, 17.3R2-S2, 17.3R2-S4, 17.3R3, 17.3R3-S1, 17.3R3-S2, 17.3R3-S3, 17.3R3-S4, 17.3R3-S5, 17.3R3-S6, 17.4R1, 17.4R1-S1, 17.4R1-S2, 17.4R1-S3, 17.4R1-S4, 17.4R1-S5, 17.4R1-S6, 17.4R1-S7, 17.4R1-S8, 17.4R2, 17.4R2-S1, 17.4R2-S2, 17.4R2-S3, 17.4R2-S4, 17.4R2-S5, 17.4R2-S6, 18.1R1, 18.1R2, 18.1R2-S2, 18.1R2-S3, 18.1R2-S4, 18.1R3, 18.1R3-S1, 18.1R3-S2, 18.1R3-S3, 18.1R3-S4, 18.1R3-S5, 18.1R3-S6, 18.1R3-S7, 18.2R1, 18.2R1-S3, 18.2R1-S4, 18.2R1-S5, 18.2R2, 18.2R2-S1, 18.2R2-S2, 18.2R2-S3, 18.2R2-S4, 18.2R2-S5, 18.3R1, 18.3R1-S1, 18.3R1-S2, 18.3R1-S3, 18.3R1-S4, 18.3R1-S5, 18.4R1, 18.4R1-S1, 18.4R1-S2, 18.4R1-S3, 18.4R1-S4

External links

https://kb.juniper.net/JSA10972

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Path traversal

Severity: Low

CVSSv3: 4.8 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-0074

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Description

The vulnerability allows a local user to perform directory traversal attacks.

The vulnerability exists due to an input validation error when processing directory traversal sequences. A local authenticated user can send a specially crafted HTTP request and read arbitrary files on the system.

Note: This vulnerability affects only Junos OS on NFX150 Series, QFX10K Series, EX9200 Series, MX Series and PTX Series with Next-Generation Routing Engine (NG-RE) and vmhost.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Juniper Junos OS: 15.1F1, 15.1F2, 15.1F2-S1, 15.1F2-S2, 15.1F2-S3, 15.1F2-S4, 15.1F2-S5, 15.1F2-S6, 15.1F2-S7, 15.1F2-S8, 15.1F2-S9, 15.1F2-S10, 15.1F2-S11, 15.1F2-S12, 15.1F2-S13, 15.1F2-S14, 15.1F2-S15, 15.1F2-S16, 15.1F2-S17, 15.1F2-S18, 15.1F2-S19, 15.1F2-S20, 15.1F3, 15.1F4, 15.1F4-S1-J1, 15.1F4-S2, 15.1F5, 15.1F5-S1, 15.1F5-S2, 15.1F5-S3, 15.1F5-S4, 15.1F5-S5, 15.1F6, 15.1F6-S1, 15.1F6-S2, 15.1F6-S3, 15.1F6-S4, 15.1F6-S5, 15.1F6-S6, 15.1F6-S7, 15.1F6-S8, 15.1F6-S9, 15.1F6-S10, 16.1R6, 16.1R6-S3, 16.1R6-S4, 17.1R1, 17.1R1-S1, 17.1R1-S2, 17.1R1-S3, 17.1R1-S4, 17.1R1-S5, 17.1R1-S6, 17.1R1-S7, 17.1R2, 17.1R2-S1, 17.1R2-S2, 17.1R2-S3, 17.1R2-S4, 17.1R2-S5, 17.1R2-S6, 17.1R2-S7, 17.1R2-S9, 17.1R2-S10, 17.2R1-S3, 17.2R1-S4, 17.2R1-S5, 17.2R1-S6, 17.2R1-S7, 17.2R1-S8, 17.2R2, 17.2R2-S1, 17.2R2-S2, 17.2R2-S3, 17.2R2-S4, 17.2R2-S6, 17.2R2-S7, 17.2R2-S8, 17.2R3, 17.3R1-S1, 17.3R1-S2, 17.3R1-S3, 17.3R1-S4, 17.3R2, 17.3R2-S2, 17.3R2-S4, 17.3R3, 17.3R3-S1, 17.3R3-S2, 17.4R1, 17.4R1-S1, 17.4R1-S2, 17.4R1-S3, 17.4R1-S4, 17.4R1-S5, 18.1R1, 18.1R2, 18.1R2-S2, 18.1R2-S3, 18.2R1, 18.2R1-S3, 18.2R1-S4, 18.2R1-S5, 18.2X75-D5, 18.2X75-D10, 18.2X75-D12, 18.2X75-D20, 18.2X75-D30, 18.3R1, 18.3R1-S1, 18.4R1

External links

https://kb.juniper.net/JSA10975

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Input validation error

Severity: Medium

CVSSv3: 6.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-0075

CWE-ID: CWE-20 - Improper Input Validation

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in the srxpfe process on Protocol Independent Multicast (PIM). A remote attacker can send specially crafted PIM messages, crash the srxpfe process, cause the FPC to reboot and cause a denial of service condition.

Note: This vulnerability affects only Junos OS on SRX Series.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Juniper Junos OS: 12.3X48-D10, 12.3X48-D15, 12.3X48-D20, 12.3X48-D25, 12.3X48-D30, 12.3X48-D35, 12.3X48-D40, 12.3X48-D45, 12.3X48-D50, 12.3X48-D51, 12.3X48-D55, 12.3X48-D60, 12.3X48-D61, 12.3X48-D65, 12.3X48-D66, 12.3X48-D70, 12.3X48-D75, 12.3X48-D76, 12.3X48-D77, 15.1X49-D10, 15.1X49-D20, 15.1X49-D30, 15.1X49-D35, 15.1X49-D40, 15.1X49-D45, 15.1X49-D50, 15.1X49-D60, 15.1X49-D65, 15.1X49-D70, 15.1X49-D75, 15.1X49-D80, 15.1X49-D90, 15.1X49-D100, 15.1X49-D101, 15.1X49-D110, 15.1X49-D120, 15.1X49-D130, 15.1X49-D131, 15.1X49-D140, 15.1X49-D150, 17.3R1, 17.3R1-S1, 17.3R1-S2, 17.3R1-S3, 17.3R1-S4, 17.3R2, 17.3R2-S2, 17.3R2-S4, 17.3R3, 17.3R3-S1, 17.3R3-S2, 17.3R3-S3, 17.3R3-S4, 17.3R3-S5, 17.3R3-S6, 17.4R1, 17.4R1-S1, 17.4R1-S2, 17.4R1-S3, 17.4R1-S4, 17.4R1-S5, 17.4R1-S6, 17.4R1-S7, 17.4R1-S8, 17.4R2, 17.4R2-S1, 17.4R2-S2, 17.4R2-S3, 17.4R2-S4, 17.4R2-S5, 17.4R2-S6, 18.1R1, 18.1R2, 18.1R2-S2, 18.1R2-S3, 18.1R2-S4, 18.1R3, 18.1R3-S1, 18.1R3-S2, 18.1R3-S3, 18.1R3-S4, 18.1R3-S5, 18.1R3-S6, 18.1R3-S7, 18.2R1, 18.2R1-S3, 18.2R1-S4, 18.2R1-S5, 18.3R1, 18.3R1-S1, 18.3R1-S2, 18.3R1-S3, 18.3R1-S4, 18.3R1-S5

External links

https://kb.juniper.net/JSA10976

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Improper validation of integrity check value

Severity: Low

CVSSv3: 6.8 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-0071

CWE-ID: CWE-354 - Improper Validation of Integrity Check Value

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an error that causes the Veriexec subsystem to fail to initialize, in essence disabling file integrity checking. A local authenticated user with shell access can install untrusted executable images, elevate privileges and gain full control of the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

EX3400: -

EX2300-C: -

EX2300: -

Juniper Junos OS: 18.1R3-S4, 18.3R1-S3

External links

https://kb.juniper.net/JSA10978
https://www.juniper.net/documentation/en_US/junos/topics/concept/veriexec.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Incorrect default permissions

Severity: Low

CVSSv3: 5.8 [CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-0073

CWE-ID: CWE-276 - Incorrect Default Permissions

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists because PKI keys exported using the command "run request security pki key-pair export" have insecure file permissions. A local user with access to the system can view contents of files and directories or modify them.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Juniper Junos OS: 15.1X49-D10, 15.1X49-D20, 15.1X49-D30, 15.1X49-D35, 15.1X49-D40, 15.1X49-D45, 15.1X49-D50, 15.1X49-D60, 15.1X49-D65, 15.1X49-D70, 15.1X49-D75, 15.1X49-D80, 15.1X49-D90, 15.1X49-D100, 15.1X49-D101, 15.1X49-D110, 15.1X49-D120, 15.1X49-D130, 15.1X49-D131, 15.1X49-D140, 15.1X49-D150, 15.1X49-D160, 15.1X49-D161, 15.1X49-D170, 15.1X49-D171, 17.3R1, 17.3R1-S1, 17.3R1-S2, 17.3R1-S3, 17.3R1-S4, 17.3R2, 17.3R2-S2, 17.3R2-S4, 17.3R3, 17.3R3-S1, 17.3R3-S2, 17.3R3-S3, 17.3R3-S4, 17.3R3-S5, 17.3R3-S6, 18.1R1, 18.1R2, 18.1R2-S2, 18.1R2-S3, 18.1R2-S4, 18.1R3, 18.1R3-S1, 18.1R3-S2, 18.1R3-S3, 18.1R3-S4, 18.1R3-S5, 18.1R3-S6, 18.1R3-S7, 18.1R4, 18.2R1, 18.2R1-S3, 18.2R1-S4, 18.2R1-S5, 18.2R2, 18.2R2-S1, 18.2R2-S2, 18.2R2-S3, 18.2R2-S4, 18.2R2-S5, 18.2R3-S1, 18.3R1, 18.3R1-S1, 18.3R1-S2, 18.3R1-S3, 18.3R1-S4, 18.3R1-S5, 18.4R1, 18.4R1-S1, 18.4R1-S2, 18.4R1-S3, 18.4R1-S4

External links

https://kb.juniper.net/JSA10974

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Resource exhaustion

Severity: Medium

CVSSv3: 5.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-0051

CWE-ID: CWE-400 - Uncontrolled Resource Consumption ('Resource Exhaustion')

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists because the SSL-Proxy feature on SRX devices fails to handle a hardware resource limitation. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Note: This vulnerability affects only Junos OS on SRX5000 Series.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Juniper Junos OS: 12.3X48-D10, 12.3X48-D15, 12.3X48-D20, 12.3X48-D25, 12.3X48-D30, 12.3X48-D35, 12.3X48-D40, 12.3X48-D45, 12.3X48-D50, 12.3X48-D51, 12.3X48-D55, 12.3X48-D60, 12.3X48-D61, 12.3X48-D65, 12.3X48-D66, 12.3X48-D70, 12.3X48-D75, 12.3X48-D76, 12.3X48-D77, 12.3X48-D80, 15.1X49-D10, 15.1X49-D20, 15.1X49-D30, 15.1X49-D35, 15.1X49-D40, 15.1X49-D45, 15.1X49-D50, 15.1X49-D60, 15.1X49-D65, 15.1X49-D70, 15.1X49-D75, 15.1X49-D80, 15.1X49-D90, 15.1X49-D100, 15.1X49-D101, 15.1X49-D110, 15.1X49-D120, 15.1X49-D130, 15.1X49-D131, 15.1X49-D140, 15.1X49-D150, 15.1X49-D160, 15.1X49-D161, 15.1X49-D170, 15.1X49-D171, 17.3R1, 17.3R1-S1, 17.3R1-S2, 17.3R1-S3, 17.3R1-S4, 17.3R2, 17.3R2-S2, 17.3R2-S4, 17.3R3, 17.3R3-S1, 17.3R3-S2, 17.3R3-S3, 17.3R3-S4, 17.3R3-S5, 17.3R3-S6, 17.4R1, 17.4R1-S1, 17.4R1-S2, 17.4R1-S3, 17.4R1-S4, 17.4R1-S5, 17.4R1-S6, 17.4R1-S7, 17.4R1-S8, 17.4R2, 17.4R2-S1, 17.4R2-S2, 17.4R2-S3, 17.4R2-S4, 17.4R2-S5, 18.1R1, 18.1R2, 18.1R2-S2, 18.1R2-S3, 18.1R2-S4, 18.1R3, 18.1R3-S1, 18.1R3-S2, 18.1R3-S3, 18.1R3-S4, 18.1R3-S5, 18.1R3-S6, 18.1R3-S7, 18.2R1, 18.2R1-S3, 18.2R1-S4, 18.2R1-S5, 18.2R2, 18.2R2-S1, 18.2R2-S2, 18.2R2-S3, 18.2R2-S4, 18.2R2-S5, 18.3R1, 18.3R1-S1, 18.3R1-S2, 18.3R1-S3, 18.3R1-S4, 18.3R1-S5, 18.4R1, 18.4R1-S1, 18.4R1-S2, 18.4R1-S3, 18.4R1-S4, 19.1R1, 19.1R1-S1, 19.1R1-S2

External links

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10973&cat=SIRT_1&actp=LIST

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Input validation error

Severity: Low

CVSSv3: 7.7 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-0070

CWE-ID: CWE-20 - Improper Input Validation

Description

The vulnerability allows a local user to execute arbitrary code on the target system.

The vulnerability exists due to insufficient validation of user-supplied input. A local authenticated user can elevate their permissions to take control of other portions of the NFX platform and execute arbitrary commands outside their authorized scope of control.

Note: This vulnerability affects only Junos OS on NFX Series.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

External links

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10977&cat=SIRT_1&actp=LIST

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Stored Cross-site scripting

Severity: Low

CVSSv3: 6.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-0047

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in the J-Web interface. A remote attacker can inject and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Juniper Junos OS: 12.1X46-D10, 12.1X46-D15, 12.1X46-D20, 12.1X46-D25, 12.1X46-D30, 12.1X46-D35, 12.1X46-D40, 12.1X46-D45, 12.1X46-D50, 12.1X46-D55, 12.1X46-D60, 12.1X46-D67, 12.1X46-D70, 12.1X46-D71, 12.1X46-D73, 12.1X46-D76, 12.1X46-D77, 12.1X46-D81, 12.3R10, 12.3R11, 12.3R12, 12.3R12-S1, 12.3R12-S2, 12.3R12-S3, 12.3R12-S4, 12.3R12-S5, 12.3R12-S6, 12.3R12-S7, 12.3R12-S8, 12.3R12-S9, 12.3R12-S10, 12.3R12-S12, 12.3X48-D10, 12.3X48-D15, 12.3X48-D20, 12.3X48-D25, 12.3X48-D30, 12.3X48-D35, 12.3X48-D40, 12.3X48-D45, 12.3X48-D50, 12.3X48-D51, 12.3X48-D55, 12.3X48-D60, 12.3X48-D61, 12.3X48-D65, 12.3X48-D66, 12.3X48-D70, 12.3X48-D75, 12.3X48-D76, 12.3X48-D77, 14.1X53-D15, 14.1X53-D16, 14.1X53-D25, 14.1X53-D26, 14.1X53-D27, 14.1X53-D30, 14.1X53-D35, 14.1X53-D40, 14.1X53-D42, 14.1X53-D43, 14.1X53-D44, 14.1X53-D45, 14.1X53-D46, 14.1X53-D47, 14.1X53-D48, 14.1X53-D49, 14.1X53-D50, 15.1F, 15.1F1, 15.1F2, 15.1F2-S1, 15.1F2-S2, 15.1F2-S3, 15.1F2-S4, 15.1F2-S5, 15.1F2-S6, 15.1F2-S7, 15.1F2-S8, 15.1F2-S9, 15.1F2-S10, 15.1F2-S11, 15.1F2-S12, 15.1F2-S13, 15.1F2-S14, 15.1F2-S15, 15.1F2-S16, 15.1F2-S17, 15.1F2-S18, 15.1F2-S19, 15.1F2-S20, 15.1F3, 15.1F4, 15.1F4-S1-J1, 15.1F4-S2, 15.1F5, 15.1F5-S1, 15.1F5-S2, 15.1F5-S3, 15.1F5-S4, 15.1F5-S5, 15.1F6, 15.1F6-S1, 15.1F6-S2, 15.1F6-S3, 15.1F6-S4, 15.1F6-S5, 15.1F6-S6, 15.1F6-S7, 15.1F6-S8, 15.1F6-S9, 15.1F6-S10, 15.1F6-S12, 15.1R, 15.1R1, 15.1R2, 15.1R3, 15.1R4, 15.1R4-S1, 15.1R4-S2, 15.1R4-S3, 15.1R4-S4, 15.1R4-S5, 15.1R4-S6, 15.1R4-S7, 15.1R4-S8, 15.1R4-S9, 15.1R5, 15.1R5-S4, 15.1R5-S5, 15.1R5-S7, 15.1R5-S51, 15.1R5-S52, 15.1R5-S53, 15.1R5-S54, 15.1R5-S55, 15.1R5-S56, 15.1R5-S57, 15.1R6, 15.1R6-S1, 15.1R6-S2, 15.1R6-S3, 15.1R6-S4, 15.1R6-S5, 15.1R6-S6, 15.1R7, 15.1R7-S2, 15.1R7-S3, 15.1X49-D10, 15.1X49-D20, 15.1X49-D30, 15.1X49-D35, 15.1X49-D40, 15.1X49-D45, 15.1X49-D50, 15.1X49-D60, 15.1X49-D65, 15.1X49-D70, 15.1X49-D75, 15.1X49-D80, 15.1X49-D90, 15.1X49-D100, 15.1X49-D101, 15.1X49-D110, 15.1X49-D120, 15.1X49-D130, 15.1X49-D131, 
15.1X49-D140, 15.1X49-D150, 15.1X49-D160, 15.1X49-D161, 15.1X49-D170, 15.1X53-D10, 15.1X53-D20, 15.1X53-D21, 15.1X53-D30, 15.1X53-D32, 15.1X53-D33, 15.1X53-D34, 15.1X53-D40, 15.1X53-D45, 15.1X53-D47, 15.1X53-D48, 15.1X53-D50, 15.1X53-D51, 15.1X53-D52, 15.1X53-D55, 15.1X53-D57, 15.1X53-D58, 15.1X53-D59, 15.1X53-D60, 15.1X53-D61, 15.1X53-D62, 15.1X53-D63, 15.1X53-D64, 15.1X53-D65, 15.1X53-D66, 15.1X53-D67, 15.1X53-D68, 15.1X53-D70, 15.1X53-D113, 15.1X53-D210, 15.1X53-D230, 15.1X53-D231, 15.1X53-D232, 15.1X53-D233, 15.1X53-D234, 15.1X53-D235, 15.1X53-D236, 15.1X53-D237, 15.1X53-D238, 15.1X53-D470, 15.1X53-D471, 15.1X53-D472, 15.1X53-D490, 15.1X53-D495, 15.1X53-D496, 16.1R, 16.1R1, 16.1R2, 16.1R3, 16.1R3-S1, 16.1R3-S2, 16.1R3-S3, 16.1R3-S4, 16.1R3-S5, 16.1R3-S6, 16.1R3-S7, 16.1R3-S8, 16.1R3-S10, 16.1R3-S11, 16.1R4, 16.1R4-S3, 16.1R4-S6, 16.1R4-S8, 16.1R4-S9, 16.1R4-S12, 16.1R4-S13, 16.1R5, 16.1R5-S3, 16.1R5-S4, 16.1R6, 16.1R6-S3, 16.1R6-S4, 16.1R6-S6, 16.1R7, 16.1R7-S1, 16.1R7-S3, 16.1R7-S4, 16.2R1, 16.2R1-S1, 16.2R1-S2, 16.2R1-S3, 16.2R1-S4, 16.2R1-S5, 16.2R1-S6, 16.2R2, 16.2R2-S1, 16.2R2-S2, 16.2R2-S3, 16.2R2-S4, 16.2R2-S5, 16.2R2-S6, 16.2R2-S7, 16.2R2-S8, 17.1R1, 17.1R1-S1, 17.1R1-S2, 17.1R1-S3, 17.1R1-S4, 17.1R1-S5, 17.1R1-S6, 17.1R1-S7, 17.1R2, 17.1R2-S1, 17.1R2-S2, 17.1R2-S3, 17.1R2-S4, 17.1R2-S5, 17.1R2-S6, 17.1R2-S7, 17.1R2-S9, 17.1R2-S10, 17.2R1, 17.2R1-S1, 17.2R1-S2, 17.2R1-S3, 17.2R1-S4, 17.2R1-S5, 17.2R1-S6, 17.2R1-S7, 17.3R1, 17.3R1-S1, 17.3R1-S2, 17.3R1-S3, 17.3R1-S4, 17.3R2, 17.3R2-S2, 17.3R2-S4, 17.3R3, 17.3R3-S1, 17.3R3-S2, 17.3R3-S3, 17.3R3-S4, 17.3R3-S5, 17.4R1, 17.4R1-S1, 17.4R1-S2, 17.4R1-S3, 17.4R1-S4, 17.4R1-S5, 17.4R1-S6, 18.1, 18.1R1, 18.1R2, 18.1R2-S2, 18.1R2-S3, 18.1R2-S4, 18.1R3, 18.1R3-S1, 18.1R3-S2, 18.1R3-S3, 18.1R3-S4, 18.2R1, 18.2R1-S3, 18.2R1-S4, 18.3R1, 18.3R1-S1, 18.3R1-S2, 18.4R1, 18.4R1-S1

External links

https://kb.juniper.net/JSA10970

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Session Fixation

Severity: Medium

CVSSv3: 6.5 [CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-0062

CWE-ID: CWE-384 - Session Fixation

Description

The vulnerability allows a remote attacker to steal authenticated sessions.

The vulnerability exists in J-Web because the affected software does not invalidate the previous session and create a new one upon successful login. A remote attacker can use social engineering techniques to fix and hijack a J-Web administrator's web session and gain administrative access to the device.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Juniper Junos OS: 12.3R10, 12.3R11, 12.3R12, 12.3R12-S1, 12.3R12-S2, 12.3R12-S3, 12.3R12-S4, 12.3R12-S5, 12.3R12-S6, 12.3R12-S7, 12.3R12-S8, 12.3R12-S9, 12.3R12-S10, 12.3R12-S12, 12.3R12-S13, 12.3R12-S14, 12.3X48-D10, 12.3X48-D15, 12.3X48-D20, 12.3X48-D25, 12.3X48-D30, 12.3X48-D35, 12.3X48-D40, 12.3X48-D45, 12.3X48-D50, 12.3X48-D51, 12.3X48-D55, 12.3X48-D60, 12.3X48-D61, 12.3X48-D65, 12.3X48-D66, 12.3X48-D70, 12.3X48-D75, 12.3X48-D76, 12.3X48-D77, 12.3X48-D80, 14.1X53-D15, 14.1X53-D16, 14.1X53-D25, 14.1X53-D26, 14.1X53-D27, 14.1X53-D30, 14.1X53-D35, 14.1X53-D40, 14.1X53-D42, 14.1X53-D43, 14.1X53-D44, 14.1X53-D45, 14.1X53-D46, 14.1X53-D47, 14.1X53-D48, 14.1X53-D49, 14.1X53-D50, 15.1F, 15.1F1, 15.1F2, 15.1F2-S1, 15.1F2-S2, 15.1F2-S3, 15.1F2-S4, 15.1F2-S5, 15.1F2-S6, 15.1F2-S7, 15.1F2-S8, 15.1F2-S9, 15.1F2-S10, 15.1F2-S11, 15.1F2-S12, 15.1F2-S13, 15.1F2-S14, 15.1F2-S15, 15.1F2-S16, 15.1F2-S17, 15.1F2-S18, 15.1F2-S19, 15.1F2-S20, 15.1F3, 15.1F4, 15.1F4-S1-J1, 15.1F4-S2, 15.1F5, 15.1F5-S1, 15.1F5-S2, 15.1F5-S3, 15.1F5-S4, 15.1F5-S5, 15.1F6, 15.1F6-S1, 15.1F6-S2, 15.1F6-S3, 15.1F6-S4, 15.1F6-S5, 15.1F6-S6, 15.1F6-S7, 15.1F6-S8, 15.1F6-S9, 15.1F6-S10, 15.1F6-S12, 15.1R, 15.1R1, 15.1R2, 15.1R3, 15.1R4, 15.1R4-S1, 15.1R4-S2, 15.1R4-S3, 15.1R4-S4, 15.1R4-S5, 15.1R4-S6, 15.1R4-S7, 15.1R4-S8, 15.1R4-S9, 15.1R5, 15.1R5-S4, 15.1R5-S5, 15.1R5-S7, 15.1R5-S51, 15.1R5-S52, 15.1R5-S53, 15.1R5-S54, 15.1R5-S55, 15.1R5-S56, 15.1R5-S57, 15.1R6, 15.1R6-S1, 15.1R6-S2, 15.1R6-S3, 15.1R6-S4, 15.1R6-S5, 15.1R6-S6, 15.1R7, 15.1R7-S2, 15.1R7-S3, 15.1R7-S4, 15.1X49-D10, 15.1X49-D20, 15.1X49-D30, 15.1X49-D35, 15.1X49-D40, 15.1X49-D45, 15.1X49-D50, 15.1X49-D60, 15.1X49-D65, 15.1X49-D70, 15.1X49-D75, 15.1X49-D80, 15.1X49-D90, 15.1X49-D100, 15.1X49-D101, 15.1X49-D110, 15.1X49-D120, 15.1X49-D130, 15.1X49-D131, 15.1X49-D140, 15.1X49-D150, 15.1X49-D160, 15.1X49-D161, 15.1X49-D170, 15.1X49-D171, 15.1X53-D10, 15.1X53-D20, 15.1X53-D21, 15.1X53-D30, 15.1X53-D32, 15.1X53-D33, 15.1X53-D34, 15.1X53-D40, 
15.1X53-D45, 15.1X53-D47, 15.1X53-D48, 15.1X53-D50, 15.1X53-D51, 15.1X53-D52, 15.1X53-D55, 15.1X53-D57, 15.1X53-D58, 15.1X53-D59, 15.1X53-D60, 15.1X53-D61, 15.1X53-D62, 15.1X53-D63, 15.1X53-D64, 15.1X53-D65, 15.1X53-D66, 15.1X53-D67, 15.1X53-D68, 15.1X53-D69, 15.1X53-D70, 15.1X53-D113, 15.1X53-D210, 15.1X53-D230, 15.1X53-D231, 15.1X53-D232, 15.1X53-D233, 15.1X53-D234, 15.1X53-D235, 15.1X53-D236, 15.1X53-D237, 16.1R, 16.1R1, 16.1R2, 16.1R3, 16.1R3-S1, 16.1R3-S2, 16.1R3-S3, 16.1R3-S4, 16.1R3-S5, 16.1R3-S6, 16.1R3-S7, 16.1R3-S8, 16.1R3-S10, 16.1R3-S11, 16.1R4, 16.1R4-S3, 16.1R4-S6, 16.1R4-S8, 16.1R4-S9, 16.1R4-S12, 16.2R1, 16.2R1-S1, 16.2R1-S2, 16.2R1-S3, 16.2R1-S4, 16.2R1-S5, 16.2R1-S6, 16.2R2, 16.2R2-S1, 16.2R2-S2, 16.2R2-S3, 16.2R2-S4, 16.2R2-S5, 16.2R2-S6, 16.2R2-S7, 16.2R2-S8, 16.2R2-S9, 17.1R1, 17.1R1-S1, 17.1R1-S2, 17.1R1-S3, 17.1R1-S4, 17.1R1-S5, 17.1R1-S6, 17.1R1-S7, 17.1R2, 17.1R2-S1, 17.1R2-S2, 17.1R2-S3, 17.1R2-S4, 17.1R2-S5, 17.1R2-S6, 17.1R2-S7, 17.1R2-S9, 17.1R2-S10, 17.1R3, 17.2R1, 17.2R1-S1, 17.2R1-S2, 17.2R1-S3, 17.2R1-S4, 17.2R1-S5, 17.2R1-S6, 17.2R1-S7, 17.2R1-S8, 17.2R2, 17.2R2-S1, 17.2R2-S2, 17.2R2-S3, 17.2R2-S4, 17.2R2-S6, 17.2R2-S7, 17.3R1, 17.3R1-S1, 17.3R1-S2, 17.3R1-S3, 17.3R1-S4, 17.3R2, 17.3R2-S2, 17.3R2-S4, 17.3R3, 17.3R3-S1, 17.3R3-S2, 17.3R3-S3, 17.3R3-S4, 17.4R1, 17.4R1-S1, 17.4R1-S2, 17.4R1-S3, 17.4R1-S4, 17.4R1-S5, 17.4R1-S6, 17.4R1-S7, 17.4R1-S8, 17.4R2, 17.4R2-S1, 17.4R2-S2, 17.4R2-S3, 17.4R2-S4, 17.4R2-S5, 17.4R2-S6, 18.1R1, 18.1R2, 18.1R2-S2, 18.1R2-S3, 18.1R2-S4, 18.1R3, 18.1R3-S1, 18.1R3-S2, 18.1R3-S3, 18.1R3-S4, 18.1R3-S5, 18.1R3-S6, 18.1R3-S7, 18.2R1, 18.2R1-S3, 18.2R1-S4, 18.2R1-S5, 18.2R2, 18.2R2-S1, 18.2R2-S2, 18.2R2-S3, 18.2R2-S4, 18.2R2-S5, 18.3R1, 18.3R1-S1, 18.3R1-S2, 18.3R1-S3, 18.3R1-S4, 18.3R1-S5, 18.3R2, 18.3R2-S1, 18.4R1, 18.4R1-S1, 18.4R1-S2, 18.4R1-S3, 18.4R1-S4, 19.1R1, 19.1R1-S1

External links

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10961&cat=SIRT_1&actp=LIST

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Permissions, Privileges, and Access Controls

Severity: Low

CVSSv3: 6.8 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-0061

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insecure management daemon (MGD) configuration. A local authenticated user can gain administrative privileges due to a misconfiguration of the internal socket.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Juniper Junos OS: 15.1X49, 15.1X49-D10, 15.1X49-D20, 15.1X49-D30, 15.1X49-D35, 15.1X49-D40, 15.1X49-D45, 15.1X49-D50, 15.1X49-D60, 15.1X49-D65, 15.1X49-D70, 15.1X49-D75, 15.1X49-D80, 15.1X49-D90, 15.1X49-D100, 15.1X49-D101, 15.1X49-D110, 15.1X49-D120, 15.1X49-D130, 15.1X49-D131, 15.1X49-D140, 15.1X49-D150, 15.1X49-D160, 15.1X49-D161, 15.1X49-D170, 15.1X53, 15.1X53-D10, 15.1X53-D20, 15.1X53-D21, 15.1X53-D30, 15.1X53-D32, 15.1X53-D33, 15.1X53-D34, 15.1X53-D40, 15.1X53-D45, 15.1X53-D47, 15.1X53-D48, 15.1X53-D50, 15.1X53-D51, 15.1X53-D52, 15.1X53-D55, 15.1X53-D57, 15.1X53-D58, 15.1X53-D59, 15.1X53-D60, 15.1X53-D61, 15.1X53-D62, 15.1X53-D63, 15.1X53-D64, 15.1X53-D65, 15.1X53-D66, 15.1X53-D67, 15.1X53-D68, 15.1X53-D70, 15.1X53-D113, 15.1X53-D210, 15.1X53-D230, 15.1X53-D231, 15.1X53-D232, 15.1X53-D233, 15.1X53-D234, 15.1X53-D235, 15.1X53-D236, 15.1X53-D237, 15.1X53-D470, 15.1X53-D471, 15.1X53-D472, 15.1X53-D490, 15.1X53-D495, 16.1, 16.1R, 16.1R1, 16.1R2, 16.1R3, 16.1R3-S1, 16.1R3-S2, 16.1R3-S3, 16.1R3-S4, 16.1R3-S5, 16.1R3-S6, 16.1R3-S7, 16.1R3-S8, 16.1R3-S10, 16.1R3-S11, 16.1R4, 16.1R4-S3, 16.1R4-S6, 16.1R4-S8, 16.1R4-S9, 16.1R4-S12, 16.1R5, 16.1R5-S3, 16.1R5-S4, 16.1R6, 16.1R6-S3, 16.1R6-S4, 16.1R6-S6, 16.1R7, 16.1R7-S1, 16.1R7-S3, 16.2, 16.2R1, 16.2R1-S1, 16.2R1-S2, 16.2R1-S3, 16.2R1-S4, 16.2R1-S5, 16.2R1-S6, 16.2R2, 16.2R2-S1, 16.2R2-S2, 16.2R2-S3, 16.2R2-S4, 16.2R2-S5, 16.2R2-S6, 16.2R2-S7, 16.2R2-S8, 17.1, 17.1R1, 17.1R2, 17.2, 17.2R1, 17.2R1-S1, 17.2R1-S2, 17.2R1-S3, 17.2R1-S4, 17.2R1-S5, 17.2R1-S6, 17.2R1-S7, 17.3, 17.3R1, 17.3R1-S1, 17.3R1-S2, 17.3R1-S3, 17.3R1-S4, 17.3R2, 17.3R2-S2, 17.3R2-S4, 17.3R3, 17.3R3-S1, 17.3R3-S2, 17.3R3-S3, 17.4R1, 17.4R1-S1, 17.4R1-S2, 17.4R1-S3, 17.4R1-S4, 17.4R1-S5, 18.1, 18.1R1, 18.1R2, 18.1R2-S2, 18.1R2-S3, 18.2R1, 18.2R1-S3, 18.2R1-S4, 18.3R1, 18.3R1-S1, 18.3R1-S2, 18.4R1, 18.4R1-S1

External links

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10960&cat=SIRT_1&actp=LIST

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Input validation error

Severity: Medium

CVSSv3: 6.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-0060

CWE-ID: CWE-20 - Improper Input Validation

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in the flowd process when processing specific transit IP packets through an IPSec tunnel. A remote attacker can cause an extended Denial of Service (DoS) condition.

Note: This issue only occurs when IPSec tunnels are configured. Systems without IPSec tunnel configurations are not vulnerable to this issue.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Juniper Junos OS: 15.1X49, 15.1X49-D10, 15.1X49-D20, 15.1X49-D30, 15.1X49-D35, 15.1X49-D40, 15.1X49-D45, 15.1X49-D50, 15.1X49-D60, 15.1X49-D65, 15.1X49-D70, 15.1X49-D75, 15.1X49-D80, 15.1X49-D90, 15.1X49-D100, 15.1X49-D101, 15.1X49-D110, 15.1X49-D120, 15.1X49-D130, 15.1X49-D131, 15.1X49-D140, 15.1X49-D150, 15.1X49-D160, 15.1X49-D161, 15.1X49-D170, 18.2R2-S1, 18.2R2-S2, 18.2R2-S3, 18.2R2-S4, 18.2R2-S5, 18.4R1, 18.4R1-S1, 18.4R1-S2, 18.4R1-S3, 18.4R1-S4

External links

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10959&cat=SIRT_1&actp=LIST

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Improper Privilege Management

Severity: Low

CVSSv3: 6.8 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-0058

CWE-ID: CWE-269 - Improper Privilege Management

Description

The vulnerability allows a local user to escalate privileges on the target system.

The vulnerability exists due to missing access controls in the Veriexec subsystem. A local user can elevate privileges to gain full control of the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Juniper Junos OS: 12.3x48, 12.3X48-D10, 12.3X48-D15, 12.3X48-D20, 12.3X48-D25, 12.3X48-D30, 12.3X48-D35, 12.3X48-D40, 12.3X48-D45, 12.3X48-D50, 12.3X48-D51, 12.3X48-D55, 12.3X48-D60, 12.3X48-D61, 12.3X48-D65, 12.3X48-D66, 12.3X48-D70, 12.3X48-D75, 12.3X48-D76, 12.3X48-D77

External links

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10956&cat=SIRT_1&actp=LIST

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Memory leak

Severity: Medium

CVSSv3: 6.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-0059

CWE-ID: CWE-401 - Improper Release of Memory Before Removing Last Reference ('Memory Leak')

Description

The vulnerability allows a remote attacker to cause a denial of service (DoS) condition.

The vulnerability exists due to a memory leak in the routing protocol process (rpd). A remote attacker can send specific commands from a peered BGP host, have those BGP states delivered to the vulnerable device and perform a denial of service attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Juniper Junos OS: 18.1, 18.1R1, 18.1R2, 18.1R2-S2, 18.1R2-S3, 18.1x75

External links

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10957&cat=SIRT_1&actp=LIST

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Improper Authorization

Severity: Low

CVSSv3: 6.8 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-0057

CWE-ID: CWE-285 - Improper Authorization

Description

The vulnerability allows a local user to bypass authorization checks.

The vulnerability exists due to missing authorization checks. A local user can bypass regular security controls to access the Junos Device Manager (JDM) application and take control of the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

External links

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10955&cat=SIRT_1&actp=LIST

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Insufficient Resource Pool

Severity: Medium

CVSSv3: 6.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-0056

CWE-ID: -

Description

The vulnerability allows a remote attacker to cause a denial of service (DoS) condition.

The vulnerability exists because the device's resource pool is not large enough to handle peak demand. A remote attacker can cause the device's Open Shortest Path First (OSPF) states to transition to Down and perform a denial of service attack.

Note: This issue only affects devices with three (3) or more MPC10s installed in a single chassis with OSPF enabled and configured on the device.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Juniper Junos OS: 18.1, 18.1R1, 18.1R2, 18.1R2-S2, 18.1R2-S3, 18.1x75, 18.1X75-D10, 18.2, 18.2R1, 18.2R1-S3, 18.2X75-D5, 18.2X75-D10, 18.2X75-D12, 18.2X75-D20, 18.2X75-D30, 18.2X75-D40, 18.3, 18.3R1, 18.3R1-S1, 18.3R1-S2, 18.3R1-S3, 18.4R1, 18.4R1-S1

MX480: -

MX960: -

MX2008: -

MX2010: -

MX2020: -

External links

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10954&cat=SIRT_1&actp=LIST

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Improper Certificate Validation

Severity: Medium

CVSSv3: 5.9 [CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-0054

CWE-ID: CWE-295 - Improper Certificate Validation

Description

The vulnerability allows a remote attacker to perform a man-in-the-middle (MitM) attack.

The vulnerability exists due to an improper certificate validation weakness in the SRX Series Application Identification (app-id) signature update client. A remote attacker can perform a MitM attack during app-id signature updates.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Juniper Junos OS: 15.1X49, 15.1X49-D10, 15.1X49-D20, 15.1X49-D30, 15.1X49-D35, 15.1X49-D40, 15.1X49-D45, 15.1X49-D50, 15.1X49-D60, 15.1X49-D65, 15.1X49-D70, 15.1X49-D75, 15.1X49-D80, 15.1X49-D90, 15.1X49-D100, 15.1X49-D101, 15.1X49-D110

External links

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10952&cat=SIRT_1&actp=LIST

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Buffer overflow

Severity: Medium

CVSSv3: 6.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-0055

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Description

The vulnerability allows a remote attacker to cause a denial of service (DoS) condition.

The vulnerability exists due to a boundary error in the SIP ALG packet processing service. A remote attacker can send specific types of valid SIP traffic to the device, cause the flowd process to crash, trigger memory corruption and cause a denial of service condition.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Juniper Junos OS: 12.3x48, 12.3X48-D10, 12.3X48-D15, 12.3X48-D20, 12.3X48-D25, 12.3X48-D30, 12.3X48-D35, 12.3X48-D40, 12.3X48-D45, 12.3X48-D50, 12.3X48-D51, 12.3X48-D55, 12.3X48-D60, 15.1X49, 15.1X49-D10, 15.1X49-D20, 15.1X49-D30, 15.1X49-D35, 15.1X49-D40, 15.1X49-D45, 15.1X49-D50, 15.1X49-D60, 15.1X49-D65, 15.1X49-D70, 15.1X49-D75, 15.1X49-D80, 15.1X49-D90, 15.1X49-D100, 15.1X49-D101, 15.1X49-D110, 15.1X49-D120, 17.3, 17.3R1, 17.3R1-S1, 17.3R1-S2, 17.3R1-S3, 17.3R1-S4, 17.3R2, 17.3R2-S2, 17.3R2-S4, 17.4, 17.4R1, 17.4R1-S1, 17.4R1-S2, 17.4R1-S3, 17.4R1-S4, 17.4R1-S5, 17.4R1-S6, 17.4R1-S7, 17.4R1-S8

External links

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10953&cat=SIRT_1&actp=LIST

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.