Multiple vulnerabilities in Juniper Junos OS



Risk High
Patch available YES
Number of vulnerabilities 13
CVE-ID CVE-2019-0001
CVE-2019-0002
CVE-2019-0003
CVE-2019-0005
CVE-2019-0006
CVE-2019-0007
CVE-2019-0009
CVE-2019-0010
CVE-2019-0011
CVE-2019-0012
CVE-2019-0013
CVE-2019-0014
CVE-2019-0015
CWE-ID CWE-835
CWE-264
CWE-617
CWE-822
CWE-400
CWE-20
Exploitation vector Network
Public exploit N/A
Vulnerable software
 Juniper Junos OS
Operating systems & Components / Operating system

Vendor Juniper Networks, Inc.

Security Bulletin

This security bulletin contains information about 13 vulnerabilities.

1) Infinite loop

EUVDB-ID: #VU17000

Risk: Low

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-0001

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to an uncontrolled recursion loop in the Broadband Edge subscriber management daemon (bbe-smgd) when receipt of a malformed packet on MX Series devices with dynamic vlan configuration. A remote attacker can send trigger high CPU usage and a crash of the bbe-smgd service.

Mitigation

The vulnerability has been addressed in the versions 16.1R7-S1, 16.2R2-S7, 17.1R2-S10, 17.1R3, 17.2R3, 17.3R3-S1, 17.4R2, 18.1R3, 18.2R2, 18.3R1.

Vulnerable software versions

Juniper Junos OS: 16.1R - 18.2

CPE2.3 External links

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10900&cat=SIRT_1&actp=LIST


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Security restrictions bypass

EUVDB-ID: #VU17019

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-0002

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The vulnerability exists due to the failure of stateless firewall filter rules to take effect. A remote unauthenticated attacker can bypass security restrictions to conduct further attacks.

Mitigation

The vulnerability has been addressed in the versions 15.1X53-D590, 18.1R3, 18.2R2, 18.3R1.

Vulnerable software versions

Juniper Junos OS: 15.1X53-D10 - 18.2

CPE2.3 External links

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10901&cat=SIRT_1&actp=LIST


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Reachable assertion

EUVDB-ID: #VU17020

Risk: Low

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-0003

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition.

The vulnerability exists due to a reachable assertion failure when a specific BGP flowspec configuration is enabled and upon receipt of a specific matching BGP packet meeting a specific term in the flowspec configuration. A remote attacker can cause the routing protocol daemon (rpd) process to crash with a core file being generated.

Mitigation

The vulnerability has been addressed in the versions 12.1X46-D77, 12.3R12-S10, 12.3X48-D70, 14.1X53-D47, 15.1F3, 15.1R3, 15.1X49-D140, 15.1X53-D59, 16.1R1.

Vulnerable software versions

Juniper Junos OS: 12.1X46-D60 - 15.1

CPE2.3 External links

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10902&cat=SIRT_1&actp=LIST


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Security restrictions bypass

EUVDB-ID: #VU17083

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-0005

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions.

The weakness exists due to the ignoring of IPv6 extension headers by the stateless firewall filter. A remote attacker can bypass security restrictions to forward IPv6 packets.

Mitigation

The vulnerability has been addressed in the versions 14.1X53-D47, 15.1R7, 15.1X53-D234, 15.1X53-D591, 16.1R7, 17.1R2-S10, 17.1R3, 17.2R3, 17.3R3, 17.4R2, 18.1R2, 18.2R1, 18.2X75-D5.

Vulnerable software versions

Juniper Junos OS: 14.1X53-D15 - 18.1

CPE2.3 External links

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10905&cat=SIRT_1&actp=LIST


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Untrusted pointer dereference

EUVDB-ID: #VU17084

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2019-0006

CWE-ID: CWE-822 - Untrusted Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code.

The weakness exists due to an uninitialized function pointer dereference in the Packet Forwarding Engine manager (fxpc) on all EX, QFX and MX Series devices in a Virtual Chassis configuration. A remote attacker can send specially crafted HTTP packets to cause the fxpc daemon crash or execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

The vulnerability has been addressed in the versions 14.1X53-D47, 15.1R7-S3, 16.1R1.

Vulnerable software versions

Juniper Junos OS: 14.1X53-D15 - 16.1R

CPE2.3 External links

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10906&cat=SIRT_1&actp=LIST


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Security restrictions bypass

EUVDB-ID: #VU17085

Risk: Medium

CVSSv4.0: 6.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2019-0007

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows  a remote attacker to bypass security restrictions.

The weakness exists due to the use of a predictable IP ID Sequence Number. A remote attacker can bypass security restrictions launch further attacks on the system.

Mitigation

Update to version 15.1F5.

Vulnerable software versions

Juniper Junos OS: 15.1F - 15.1

CPE2.3 External links

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10903&cat=SIRT_1&actp=LIST


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Denial of service

EUVDB-ID: #VU17086

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-0009

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local attacker to cause DoS condition.

The vulnerability exists due to unspecified flaw. A local attacker can use high disk I/O operations to disrupt the communication between the routing engine (RE) and the packet forwarding engine (PFE).

Mitigation

The vulnerability has been addressed in the versions 15.1X53-D113, 15.1X53-D590, 18.1R2-S2, 18.1R3, 18.2R2, 18.3R1.

Vulnerable software versions

Juniper Junos OS: 15.1X53-D10 - 18.2

CPE2.3 External links

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10909&cat=SIRT_1&actp=LIST


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Resource exhaustion

EUVDB-ID: #VU17087

Risk: Low

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-0010

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition.

The vulnerability exists due to an error when processing malicious input. A remote attacker can send a specially-crafted HTTP traffic, cause UTM to consume all mbufs resulting in a denial of service condition.

Mitigation

The vulnerability has been addressed in the versions 12.1X46-D81, 12.3X48-D77, 15.1X49-D101, 15.1X49-D110, 17.3R1.

Vulnerable software versions

Juniper Junos OS: 12.1X46-D60 - 17.3

CPE2.3 External links

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10910&cat=SIRT_1&actp=LIST


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Improper input validation

EUVDB-ID: #VU17088

Risk: Low

CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-0011

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to cause DoS condition.

The vulnerability exists due to an error when processing malicious input. An adjacent attacker can continuously send a specially crafted packet and cause the kernel to crash.

Mitigation

The vulnerability has been addressed in the versions 17.2R1-S7, 17.2R3, 17.2X75-D110, 17.3R3-S3, 17.4R1-S4, 17.4R2, 18.1R2, 18.2R1, 18.2X75-D5.

Vulnerable software versions

Juniper Junos OS: 17.2R1-S1 - 18.2

CPE2.3 External links

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10911&cat=SIRT_1&actp=LIST


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Improper input validation

EUVDB-ID: #VU17089

Risk: Low

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-0012

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition.

The vulnerability exists due to an error when configured as a VPLS PE. A remote attacker can send a specially crafted BGP message and cause the routing protocol daemon (rpd) process to crash.

Mitigation

The vulnerability has been addressed in the versions 12.1X46-D81, 12.3R12-S12, 12.3X48-D76, 12.3X48-D80, 15.1F6-S12, 15.1R7-S2, 15.1X49-D150, 15.1X53-D235, 15.1X53-D495, 15.1X53-D590, 15.1X53-D68, 16.1R3-S10, 16.1R4-S12, 16.1R6-S6, 16.1R7-S1, 16.2R2-S7, 17.1R2-S9, 17.1R3, 17.2R1-S7, 17.2R2-S6, 17.2R3, 17.3R2-S4, 17.3R3, 17.4R1-S5, 17.4R2, 18.1R2-S3, 18.1R3, 18.2R1, 18.2X75-D10.

Vulnerable software versions

Juniper Junos OS: 12.1X46-D60 - 18.2X75-D5

CPE2.3 External links

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10912&cat=SIRT_1&actp=LIST


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Improper input validation

EUVDB-ID: #VU17090

Risk: Low

CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-0013

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to cause DoS condition.

The vulnerability exists due to an error when processing malicious input. An adjacent attacker can send a specially crafted IPv4 PIM Join packet and cause the routing protocol daemon (RPD) process to crash.

Mitigation

The vulnerability has been addressed in the versions 12.1X46-D77, 12.3X48-D77, 15.1F6-S10, 15.1R6-S6, 15.1R7, 15.1X49-D150, 15.1X53-D233, 15.1X53-D59, 16.1R3-S8, 16.1R4-S8, 16.1R7, 16.2R2-S6, 17.1R2-S6, 17.1R3, 17.2R2-S3, 17.2R3, 17.3R2-S4, 17.3R3, 17.4R2, 18.1R1.

Vulnerable software versions

Juniper Junos OS: 12.1X46-D60 - 17.4

CPE2.3 External links

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10913&cat=SIRT_1&actp=LIST


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Improper input validation

EUVDB-ID: #VU17091

Risk: Low

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-0014

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition.

The vulnerability exists due to an error when processing malicious input. A remote attacker can send a specially crafted packet for J-Flow and cause the FPC (Flexible PIC Concentrator) process to crash.

Mitigation

The vulnerability has been addressed in the versions 17.2X75-D91, 17.2X75-D100, 17.4R2-S1, 17.4R3, 18.1R3-S1, 18.2R1-S3, 18.2R2, 18.2X75-D5, 18.3R1.

Vulnerable software versions

Juniper Junos OS: 17.2X75-D30 - 18.2

CPE2.3 External links

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10914&cat=SIRT_1&actp=LIST


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Security restrictions bypass

EUVDB-ID: #VU17092

Risk: Low

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-0015

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to bypass security restrictions on the target system.

The vulnerability exists due to an error in the SRX Series Service Gateway. A remote authenticated attacker can establish VPN connections until reboot and gain access to the device.

Mitigation

The vulnerability has been addressed in the versions 12.3X48-D75, 15.1X49-D150, 17.3R3, 17.4R2, 18.1R3, 18.2R2, 18.3R1.

Vulnerable software versions

Juniper Junos OS: 12.3X48-D10 - 18.2

CPE2.3 External links

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10915&cat=SIRT_1&actp=LIST


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###