#VU17090 Improper input validation in Juniper Junos OS - CVE-2019-0013
Published: January 9, 2019 / Updated: January 18, 2019
Vulnerability identifier: #VU17090
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-0013
CWE-ID: CWE-20
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vulnerable software:
Juniper Junos OS
Juniper Junos OS
Software vendor:
Juniper Networks, Inc.
Juniper Networks, Inc.
Description
The vulnerability allows an adjacent attacker to cause DoS condition.
The vulnerability exists due to an error when processing malicious input. An adjacent attacker can send a specially crafted IPv4 PIM Join packet and cause the routing protocol daemon (RPD) process to crash.
Remediation
The vulnerability has been addressed in the versions 12.1X46-D77, 12.3X48-D77, 15.1F6-S10, 15.1R6-S6, 15.1R7, 15.1X49-D150, 15.1X53-D233, 15.1X53-D59, 16.1R3-S8, 16.1R4-S8, 16.1R7, 16.2R2-S6, 17.1R2-S6, 17.1R3, 17.2R2-S3, 17.2R3, 17.3R2-S4, 17.3R3, 17.4R2, 18.1R1.