Improper input validation in Juniper Junos OS - CVE-2019-0013
Published: January 9, 2019 / Updated: January 18, 2019
Vulnerability identifier: #VU17090
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-0013
CWE-ID: CWE-20
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vendor: Juniper Networks, Inc.
Affected software:
Juniper Junos OS
Juniper Junos OS
Detailed vulnerability description
The vulnerability allows an adjacent attacker to cause DoS condition.
The vulnerability exists due to an error when processing malicious input. An adjacent attacker can send a specially crafted IPv4 PIM Join packet and cause the routing protocol daemon (RPD) process to crash.
How to mitigate CVE-2019-0013
The vulnerability has been addressed in the versions 12.1X46-D77, 12.3X48-D77, 15.1F6-S10, 15.1R6-S6, 15.1R7, 15.1X49-D150, 15.1X53-D233, 15.1X53-D59, 16.1R3-S8, 16.1R4-S8, 16.1R7, 16.2R2-S6, 17.1R2-S6, 17.1R3, 17.2R2-S3, 17.2R3, 17.3R2-S4, 17.3R3, 17.4R2, 18.1R1.