Main Vulnerability Database Vulnerabilities #VU19149

Stack-based buffer overflow in Juniper Junos OS - CVE-2019-0053

Published: July 11, 2019

Vulnerability identifier: #VU19149

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2019-0053

CWE-ID: CWE-121

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Juniper Networks, Inc.

Affected software:
Juniper Junos OS

Detailed vulnerability description

The vulnerability allows a local attacker to execute arbitrary code on the target system.

The vulnerability exists due to insufficient validation of environment variables when connecting via the telnet client to remote telnet servers. A local authenticated attacker can trigger stack-based buffer overflow, bypass veriexec restrictions and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

This vulnerability only affects the telnet client - accessible from the CLI or shel.

How to mitigate CVE-2019-0053

Install updates from vendor's website.

Sources

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10947&cat=SIRT_1&actp=LIST

Stack-based buffer overflow in Juniper Junos OS - CVE-2019-0053

Detailed vulnerability description

How to mitigate CVE-2019-0053

Sources

Please verify you're human