Multiple vulnerabilities in Juniper Junos OS

1) Input validation error

EUVDB-ID: #VU21759

Risk: Low

CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-0063

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when an MX Series Broadband Remote Access Server (BRAS) is configured as a Broadband Network Gateway (BNG) with DHCPv6 enabled. A remote attacker can send a specially crafted DHCP response message on a subscriber interface, crash jdhcpd and cause an extended denial of service condition on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Juniper Junos OS: 15.1R - 19.1R1

CPE2.3

External links

https://kb.juniper.net/JSA10962

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Input validation error

EUVDB-ID: #VU21758

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2019-0064

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when processing TCP packets if "set security zones security-zone <zone> tcp-rst" is configured. A remote attacker can send a specially crafted TCP packet, crash the flowd process and cause a denial of service on the target system.

Note: This vulnerability affects only Junos OS on SRX 5000 Series.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Juniper Junos OS: 18.2R3 - 19.2R1

CPE2.3

External links

https://kb.juniper.net/JSA10963

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Input validation error

EUVDB-ID: #VU21757

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2019-0065

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when processing SIP packets. A remote attacker can send a specially crafted SIP packet, crash the MS-PIC component on MS-MIC or MS-MPC and cause a sustained denial of service condition on the target sysem.

Note: This issue affects Junos OS on MX Series when the SIP ALG is enabled.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Juniper Junos OS: 16.1R - 18.4R1

CPE2.3

External links

https://kb.juniper.net/JSA10964

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Input validation error

EUVDB-ID: #VU21756

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2019-0066

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a denial of service (DoS) condition on the target system.

The vulnerability exists due to an unexpected status return value weakness in the Next-Generation Multicast VPN (NG-mVPN) service. A remote attacker can send a specially crafted IPv4 packet to the device running BGP and cause a denial of service condition and core the routing protocol daemon (rpd) process.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Juniper Junos OS: 15.1R - 17.3R2

CPE2.3

External links

https://kb.juniper.net/JSA10965
https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/ng-mvpn-services-enabling.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Input validation error

EUVDB-ID: #VU21755

Risk: Low

CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-0067

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when receipt of a specific link-local IPv6 packet destined to the RE. A remote attacker on adjacent network can send a specially crafted IPv6 packet, repeatedly crash the system and restart (vmcore) and cause a prolonged denial of service condition on the target system.

Note: This issue affects Junos OS devices with Multi-Chassis Link Aggregation Group (MC-LAG) enabled.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Juniper Junos OS: 16.1R - 17.1R3-S1

CPE2.3

External links

https://kb.juniper.net/JSA10966

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Input validation error

EUVDB-ID: #VU21754

Risk: Low

CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-0068

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when the SRX flowd process processing specific multicast packets. A remote attacker on adjacent network can send specific multicast packets and repeatedly crash the target application.

Note: This vulnerability affects Junos OS on SRX Series.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Juniper Junos OS: 12.3X48-D10 - 19.1R1

CPE2.3

External links

https://kb.juniper.net/JSA10968

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Cleartext storage of sensitive information

EUVDB-ID: #VU21725

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-0069

CWE-ID: CWE-312 - Cleartext Storage of Sensitive Information

Exploit availability: No

Description

The vulnerability allows a local user to view the password on the target system.

The vulnerability exists due to the affected software stores credentials used during device authentication unencrypted in its log file. A local authenticated user can obtain credentials.

Note: This vulnerability affects only the following versions of Junos OS:

15.1X49 versions prior to 15.1X49-D110 on vSRX, SRX1500, SRX4000 Series

15.1X53 versions prior to 15.1X53-D234 on QFX5110, QFX5200 Series

15.1X53 versions prior to 15.1X53-D68 on QFX10K Series

17.1 versions prior to 17.1R2-S8, 17.1R3, on QFX5110, QFX5200, QFX10K Series

17.2 versions prior to 17.2R1-S7, 17.2R2-S6, 17.2R3 on QFX5110, QFX5200, QFX10K Series

17.3 versions prior to 17.3R2 on vSRX, SRX1500, SRX4000, QFX5110, QFX5200, QFX10K Series

14.1X53 versions prior to 14.1X53-D47 on ACX5000, EX4600, QFX5100 Series

15.1 versions prior to 15.1R7 on ACX5000, EX4600, QFX5100 Series

16.1R7 versions prior to 16.1R7 on ACX5000, EX4600, QFX5100 Series

17.1 versions prior to 17.1R2-S10, 17.1R3 on ACX5000, EX4600, QFX5100 Series

17.2 versions prior to 17.2R3 on ACX5000, EX4600, QFX5100 Series

17.3 versions prior to 17.3R3 on ACX5000, EX4600, QFX5100 Series

17.4 versions prior to 17.4R2 on ACX5000, EX4600, QFX5100 Series

18.1 versions prior to 18.1R2 on ACX5000, EX4600, QFX5100 Series

15.1X53 versions prior to 15.1X53-D496 on NFX Series

17.2 versions prior to 17.2R3-S1 on NFX Series

17.3 versions prior to 17.3R3-S4 on NFX Series

17.4 versions prior to 17.4R2-S4, 17.4R3 on NFX Series

18.1 versions prior to 18.1R3-S4 on NFX Series

18.2 versions prior to 18.2R2-S3, 18.2R3 on NFX Series

18.3 versions prior to 18.3R1-S3, 18.3R2 on NFX Series

18.4 versions prior to 18.4R1-S1, 18.4R2 on NFX Series

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Juniper Junos OS: 14.1x53 - 18.4

CPE2.3

External links

https://kb.juniper.net/JSA10969

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Resource management error

EUVDB-ID: #VU21724

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2019-0050

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an error when "srxpfe" process can crash under certain heavy traffic conditions. A remote attacker can send a specially crafted request and cause a denial of service condition.

Note: This vulnerability affects only Junos OS on SRX1500 platforms.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Juniper Junos OS: 15.1X49-D10 - 18.4R1

CPE2.3

cpe:2.3:o:juniper_networks:juniper_junos_os:15.1X49-D161:*:*:*:*:*:*:*

External links

https://kb.juniper.net/JSA10972

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Path traversal

EUVDB-ID: #VU21723

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-0074

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a local user to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences. A local authenticated user can send a specially crafted HTTP request and read arbitrary files on the system.

Note: This vulnerability affects only Junos OS on NFX150 Series, QFX10K Series, EX9200 Series, MX Series and PTX Series with Next-Generation Routing Engine (NG-RE) and vmhost.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Juniper Junos OS: 15.1F1 - 18.4R1

CPE2.3

External links

https://kb.juniper.net/JSA10975

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Input validation error

EUVDB-ID: #VU21722

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2019-0075

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in the srxpfe process on Protocol Independent Multicast (PIM). A remote attacker can send a specially crafted (PIM) messages, crash the srxpfe process, reboot FPC and cause a denial of service condition.

Note: This vulnerability affects only Junos OS on SRX Series.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Juniper Junos OS: 12.3X48-D10 - 17.3

CPE2.3

External links

https://kb.juniper.net/JSA10976

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Improper validation of integrity check value

EUVDB-ID: #VU21718

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-0071

CWE-ID: CWE-354 - Improper Validation of Integrity Check Value

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an error when the Veriexec subsystem will fail to initialize, in essence disabling file integrity checking. A local authenticated user with shell access can install untrusted executable images, elevate privileges and gain full control of the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

EX3400: All versions

EX2300-C: All versions

EX2300: All versions

Juniper Junos OS: 18.1R1 - 18.3

CPE2.3

External links

https://kb.juniper.net/JSA10978
https://www.juniper.net/documentation/en_US/junos/topics/concept/veriexec.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Incorrect default permissions

EUVDB-ID: #VU21717

Risk: Low

CVSSv4.0: 3.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-0073

CWE-ID: CWE-276 - Incorrect Default Permissions

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to the PKI keys exported using the command "run request security pki key-pair export" have insecure file permissions. A local user with access to the system can view contents of files and directories or modify them.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Juniper Junos OS: 15.1X49-D10 - 18.4R1

CPE2.3

cpe:2.3:o:juniper_networks:juniper_junos_os:18.2R3-S1:*:*:*:*:*:*:*

External links

https://kb.juniper.net/JSA10974

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Resource exhaustion

EUVDB-ID: #VU21704

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2019-0051

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to the SSL-Proxy feature on SRX devices fails to handle a hardware resource limitation. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Note: This vulnerability affects only Junos OS on SRX5000 Series

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Juniper Junos OS: 12.3X48-D10 - 19.1R1

CPE2.3

cpe:2.3:o:juniper_networks:juniper_junos_os:12.3X48-D80:*:*:*:*:*:*:*

External links

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10973&cat=SIRT_1&actp=LIST

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Input validation error

EUVDB-ID: #VU21703

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-0070

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code on the target system.

The vulnerability exists due to insufficient validation of user-supplied input. A local authenticated user can elevate his permissions to take control of other portions of the NFX platform and execute arbitrary commands outside their authorized scope of control.

Note: This vulnerability affects only Junos OS on NFX Series.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Juniper Junos OS: 18.2

CPE2.3

External links

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10977&cat=SIRT_1&actp=LIST

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Stored Cross-site scripting

EUVDB-ID: #VU21701

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-0047

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in J-Web interface. A remote attacker can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Juniper Junos OS: 12.1X46-D10 - 18.4R1

CPE2.3

External links

https://kb.juniper.net/JSA10970

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Session Fixation

EUVDB-ID: #VU21700

Risk: Medium

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2019-0062

CWE-ID: CWE-384 - Session Fixation

Exploit availability: No

Description

The vulnerability allows a remote attacker to steal authenticated sessions.

The vulnerability exists in the J-Web due to the the affected software does not invalidate the previous session and create a new one upon successful login. A remote attacker can use social engineering techniques to fix and hijack a J-Web administrators web session and gain administrative access to the device.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Juniper Junos OS: 12.3R10 - 19.1R1

CPE2.3

External links

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10961&cat=SIRT_1&actp=LIST

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU21699

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-0061

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insecure management daemon (MGD) configuration. A local authenticated user can gain administrative privileges due to a misconfiguration of the internal socket.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Juniper Junos OS: 15.1X49-D10 - 18.4R1

CPE2.3

External links

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10960&cat=SIRT_1&actp=LIST

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Input validation error

EUVDB-ID: #VU21698

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2019-0060

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in the flowd process when processing specific transit IP packets through an IPSec tunnel. A remote attacker can cause an extended Denial of Service (DoS) condition.

Note: This issue only occurs when IPSec tunnels are configured. Systems without IPSec tunnel configurations are not vulnerable to this issue.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Juniper Junos OS: 15.1X49-D10 - 18.4R1

CPE2.3

cpe:2.3:o:juniper_networks:juniper_junos_os:18.2R2-S5:*:*:*:*:*:*:*

External links

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10959&cat=SIRT_1&actp=LIST

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Improper Privilege Management

EUVDB-ID: #VU21697

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-0058

CWE-ID: CWE-269 - Improper Privilege Management

Exploit availability: No

Description

The vulnerability allows a local user to escalate privilege on the target system.

The vulnerability exists due to missing access controls in the Veriexec subsystem. A local user can elevate privileges to gain full control of the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Juniper Junos OS: 12.3X48-D10 - 12.3x48

CPE2.3

cpe:2.3:o:juniper_networks:juniper_junos_os:12.3x48:*:*:*:*:*:*:*

External links

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10956&cat=SIRT_1&actp=LIST

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Memory leak

EUVDB-ID: #VU21696

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2019-0059

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a denial of service (DoS) condition.

The vulnerability exists due to memory leak in the routing protocol process (rpd). A remote attacker can send specific commands from a peered BGP host, have those BGP states delivered to the vulnerable device and perform a denial of service attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Juniper Junos OS: 18.1R1 - 18.1

CPE2.3

External links

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10957&cat=SIRT_1&actp=LIST

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Improper Authorization

EUVDB-ID: #VU21695

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-0057

CWE-ID: CWE-285 - Improper Authorization

Exploit availability: No

Description

The vulnerability allows a local user to bypass authorization checks.

The vulnerability exists due to missing authorization checks. A local user can bypass regular security controls to access the Junos Device Manager (JDM) application and take control of the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Juniper Junos OS: 18.2R1-S3 - 18.2

CPE2.3

External links

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10955&cat=SIRT_1&actp=LIST

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Insufficient Resource Pool

EUVDB-ID: #VU21694

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2019-0056

CWE-ID: N/A

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a denial of service (DoS) condition.

The vulnerability exists due to the device's resource pool is not large enough to handle peak demand. A remote attacker can cause the device's Open Shortest Path First (OSPF) states to transition to Down and perform a denial of service attack.

Note: This issue only affects devices with three (3) or more MPC10's installed in a single chassis with OSPF enabled and configured on the device.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Juniper Junos OS: 18.1R1 - 18.4R1

MX480: All versions

MX960: All versions

MX2008: All versions

MX2010: All versions

MX2020: All versions

CPE2.3

External links

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10954&cat=SIRT_1&actp=LIST

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Improper Certificate Validation

EUVDB-ID: #VU21693

Risk: Medium

CVSSv4.0: 4.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2019-0054

CWE-ID: CWE-295 - Improper Certificate Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a man-in-the-middle (MiTM) attack.

The vulnerability exists due to an improper certificate validation weakness in the SRX Series Application Identification (app-id) signature update client. A remote attacker can perform MitM attack during app-id signature updates.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Juniper Junos OS: 15.1X49-D10 - 15.1X49

CPE2.3

External links

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10952&cat=SIRT_1&actp=LIST

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Buffer overflow

EUVDB-ID: #VU21692

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2019-0055

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a denial of service (DoS) condition.

The vulnerability exists due to a boundary error in the SIP ALG packet processing service. A remote attacker can send a specific types of valid SIP traffic to the device, cause flowd process to crash, trigger memory corruption and cause a denial of service condition.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Juniper Junos OS: 12.3X48-D10 - 17.4

CPE2.3

External links

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10953&cat=SIRT_1&actp=LIST

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Risk	Medium
Patch available	YES
Number of vulnerabilities	24
CVE-ID	CVE-2019-0063 CVE-2019-0064 CVE-2019-0065 CVE-2019-0066 CVE-2019-0067 CVE-2019-0068 CVE-2019-0069 CVE-2019-0050 CVE-2019-0074 CVE-2019-0075 CVE-2019-0071 CVE-2019-0073 CVE-2019-0051 CVE-2019-0070 CVE-2019-0047 CVE-2019-0062 CVE-2019-0061 CVE-2019-0060 CVE-2019-0058 CVE-2019-0059 CVE-2019-0057 CVE-2019-0056 CVE-2019-0054 CVE-2019-0055
CWE-ID	CWE-20 CWE-312 CWE-399 CWE-22 CWE-354 CWE-276 CWE-400 CWE-79 CWE-384 CWE-264 CWE-269 CWE-401 CWE-285 CWE-295 CWE-119
Exploitation vector	Network
Public exploit	N/A
Vulnerable software	Juniper Junos OS Operating systems & Components / Operating system EX3400 Hardware solutions / Routers & switches, VoIP, GSM, etc EX2300-C Hardware solutions / Routers & switches, VoIP, GSM, etc EX2300 Hardware solutions / Routers & switches, VoIP, GSM, etc MX960 Hardware solutions / Routers & switches, VoIP, GSM, etc MX2008 Hardware solutions / Routers & switches, VoIP, GSM, etc MX2010 Hardware solutions / Routers & switches, VoIP, GSM, etc MX2020 Hardware solutions / Routers & switches, VoIP, GSM, etc MX480 Hardware solutions / Firmware
Vendor	Juniper Networks, Inc.