Main Vulnerability Database Vulnerabilities #VU19149

#VU19149 Stack-based buffer overflow in Juniper Junos OS - CVE-2019-0053

Published: July 11, 2019

Vulnerability identifier: #VU19149

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2019-0053

CWE-ID: CWE-121

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Juniper Junos OS

Software vendor:
Juniper Networks, Inc.

Description

The vulnerability allows a local attacker to execute arbitrary code on the target system.

The vulnerability exists due to insufficient validation of environment variables when connecting via the telnet client to remote telnet servers. A local authenticated attacker can trigger stack-based buffer overflow, bypass veriexec restrictions and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

This vulnerability only affects the telnet client - accessible from the CLI or shel.

Remediation

Install updates from vendor's website.

External links

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10947&cat=SIRT_1&actp=LIST

#VU19149 Stack-based buffer overflow in Juniper Junos OS - CVE-2019-0053

Description

Remediation

External links

Please verify you're human