Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-0006

A certain crafted HTTP packet can trigger an uninitialized function pointer deference vulnerability in the Packet Forwarding Engine manager (fxpc) on all EX, QFX and MX Series devices in a Virtual Chassis configuration. This issue can result in a crash of the fxpc daemon or may potentially lead to remote code execution. This issue only occurs when the crafted packet it destined to the device. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D47 on EX and QFX Virtual Chassis Platforms; 15.1 versions prior to 15.1R7-S3 all Virtual Chassis Platforms 15.1X53 versions prior to 15.1X53-D50 on EX and QFX Virtual Chassis Platforms.

Published

2019-01-15T21:29:01.027

Last Modified

2024-11-21T04:16:01.887

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Secondary
CWE-908
Type: Primary
CWE-908

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	juniper	junos	14.1x53	Yes
Operating System	juniper	junos	14.1x53	Yes
Operating System	juniper	junos	14.1x53	Yes
Operating System	juniper	junos	14.1x53	Yes
Operating System	juniper	junos	14.1x53	Yes
Operating System	juniper	junos	14.1x53	Yes
Operating System	juniper	junos	14.1x53	Yes
Operating System	juniper	junos	14.1x53	Yes
Operating System	juniper	junos	14.1x53	Yes
Operating System	juniper	junos	14.1x53	Yes
Operating System	juniper	junos	14.1x53	Yes
Operating System	juniper	junos	14.1x53	Yes
Operating System	juniper	junos	14.1x53	Yes
Hardware	juniper	ex2200	-	No
Hardware	juniper	ex2200-c	-	No
Hardware	juniper	ex2300	-	No
Hardware	juniper	ex2300-c	-	No
Hardware	juniper	ex3300	-	No
Hardware	juniper	ex3400	-	No
Hardware	juniper	ex4200	-	No
Hardware	juniper	ex4300	-	No
Hardware	juniper	ex4500	-	No
Hardware	juniper	ex4550	-	No
Hardware	juniper	ex4600	-	No
Hardware	juniper	ex4650	-	No
Hardware	juniper	ex6210	-	No
Hardware	juniper	ex8208	-	No
Hardware	juniper	ex8216	-	No
Hardware	juniper	ex9204	-	No
Hardware	juniper	ex9208	-	No
Hardware	juniper	ex9214	-	No
Hardware	juniper	ex9251	-	No
Hardware	juniper	ex9253	-	No
Hardware	juniper	qfx10002	-	No
Hardware	juniper	qfx10008	-	No
Hardware	juniper	qfx10016	-	No
Hardware	juniper	qfx3500	-	No
Hardware	juniper	qfx3600	-	No
Hardware	juniper	qfx5100	-	No
Hardware	juniper	qfx5110	-	No
Hardware	juniper	qfx5120	-	No
Hardware	juniper	qfx5200	-	No
Hardware	juniper	qfx5210	-	No
Operating System	juniper	junos	15.1	Yes
Operating System	juniper	junos	15.1	Yes
Operating System	juniper	junos	15.1	Yes
Operating System	juniper	junos	15.1	Yes
Operating System	juniper	junos	15.1	Yes
Operating System	juniper	junos	15.1	Yes
Operating System	juniper	junos	15.1x53	Yes
Operating System	juniper	junos	15.1x53	Yes
Operating System	juniper	junos	15.1x53	Yes
Operating System	juniper	junos	15.1x53	Yes
Operating System	juniper	junos	15.1x53	Yes
Operating System	juniper	junos	15.1x53	Yes
Operating System	juniper	junos	15.1x53	Yes
Hardware	juniper	ex2200	-	No
Hardware	juniper	ex2200-c	-	No
Hardware	juniper	ex2300	-	No
Hardware	juniper	ex2300-c	-	No
Hardware	juniper	ex3300	-	No
Hardware	juniper	ex3400	-	No
Hardware	juniper	ex4200	-	No
Hardware	juniper	ex4300	-	No
Hardware	juniper	ex4500	-	No
Hardware	juniper	ex4550	-	No
Hardware	juniper	ex4600	-	No
Hardware	juniper	ex4650	-	No
Hardware	juniper	ex6210	-	No
Hardware	juniper	ex8208	-	No
Hardware	juniper	ex8216	-	No
Hardware	juniper	ex9204	-	No
Hardware	juniper	ex9208	-	No
Hardware	juniper	ex9214	-	No
Hardware	juniper	ex9251	-	No
Hardware	juniper	ex9253	-	No
Hardware	juniper	qfx10002	-	No
Hardware	juniper	qfx10008	-	No
Hardware	juniper	qfx10016	-	No
Hardware	juniper	qfx3500	-	No
Hardware	juniper	qfx3600	-	No
Hardware	juniper	qfx5100	-	No
Hardware	juniper	qfx5110	-	No
Hardware	juniper	qfx5120	-	No
Hardware	juniper	qfx5200	-	No
Hardware	juniper	qfx5210	-	No

References

http://www.securityfocus.com/bid/106666 Third Party Advisory, VDB Entry ([email protected])
https://kb.juniper.net/JSA10906 Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/106666 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://kb.juniper.net/JSA10906 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)